[dns-operations] BIND vulnerability for recursive servers
Eric Ziegast
ziegast at isc.org
Wed Nov 16 18:52:20 UTC 2011
The patch for a vulnerability to BIND recursive servers has been
released. Authoritative-only servers are not affected.
Site http://www.isc.org/software/bind will be updated with release
info soon.
Here's where you can get downloads now:
ftp://ftp.isc.org/isc/bind9/9.8.1-P1
ftp://ftp.isc.org/isc/bind9/9.7.4-P1
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5-P1
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R5-P1
If you run a recursive server (especially if it's crashing with assert
errors), look at your current version and upgrade
to the -P1 release above for your version.
I'll get a link to the CVE text out as soon as it's available.
--
Eric Ziegast
More information about the dns-operations
mailing list