<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468)
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Michael McNally <mcnally () isc org>
Date: Wed, 24 Apr 2019 22:55:00 -0800
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Today ISC disclosed two vulnerabilities affecting BIND as well
as a third vulnerability which affects *only* BIND Supported Preview
Edition (a special feature-preview version of BIND provided to
ISC support customers.)
Information about the vulnerabilities can be found in the ISC Knowledge
Base:
CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
https://kb.isc.org/docs/cve-2018-5743
CVE-2019-6467: An error in the nxdomain redirect feature can cause
BIND to exit with an INSIST assertion failure in query.c
https://kb.isc.org/docs/cve-2019-6467
CVE-2019-6468: BIND Supported Preview Edition can exit with an
assertion failure if nxdomain-redirect is used
https://kb.isc.org/docs/cve-2019-6468
New releases of BIND have been issued to fix the vulnerabilities above.
They may be downloaded from the ISC website: https://www.isc.org/downloads
- 9.11.6-P1
- 9.12.4-P1
- 9.14.1
With the public disclosure of these vulnerabilities, parties which
had been given advance notice concerning them are released from
non-disclosure and packagers and redistributors are encouraged to
publish updated packages containing fixes.
If you have additional questions, please direct them to
security-officer () isc org
Thank you,
Michael McNally
ISC Security Officer
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Michael McNally (Apr 24)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 25)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 27)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->