[oss-security] ISC has issued new patch releases of BIND

Discussion:

[oss-security] ISC has issued new patch releases of BIND

Michael McNally

2018-09-19 23:16:25 UTC

To the packagers and redistributors of BIND:

Today ISC announced one CVE (which does not come with a code fix)
and two operational notifications for issues in BIND (which do.)

The new releases for BIND 9.11.4-P2 and BIND 9.12.2-P2 can be found
at http://www.isc.org/downloads

Details on the security vulnerability and the two operational
notifications can be found via the following links:

https://kb.isc.org/docs/cve-2018-5741

https://kb.isc.org/docs/change-4892-exposed-multiple-problems-affecting-dnssec-inline-signing

https://kb.isc.org/docs/some-releases-of-bind-9-12-are-too-strict-when-handling-referrals-with-non-empty-answer-sections

Michael McNally
ISC Security Officer

Solar Designer

2018-09-20 09:32:10 UTC

Post by Michael McNally
Details on the security vulnerability and the two operational
https://kb.isc.org/docs/cve-2018-5741

Per oss-security list content guidelines, actual vulnerability detail
must be included in postings (message body or text/plain attachment).

I've attached a text export of the above web page to this message.
(I did not bother doing the same for the operational notifications.)

Michael, I'd appreciate it if you start including such detail in your
oss-security postings. Including the links as well is great (such as
for easy access to updated revisions while the links work); including
only links is discouraged.

Thanks,

Alexander

1 Reply
1 View
Permalink to this page
Disable enhanced parsing

Thread Navigation

Michael McNally 2018-09-19 23:16:25 UTC

Solar Designer 2018-09-20 09:32:10 UTC

about - legalese

Loading...