
List:       oss-security
Subject:    [oss-security] ISC has disclosed a vulnerability in BIND (CVE-2021-25218)
From:       Michael McNally <mcnally () isc ! org>
Date:       2021-08-18 18:08:11
Message-ID: 15904ddc-8bdb-9661-48fa-d43a79f23aea () isc ! org

On August 18, 2021, we (Internet Systems Consortium) disclosed a
vulnerability affecting our BIND software:

    CVE-2021-25218: A too-strict assertion check could be triggered when
    responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if
    RRL is in use

    https://kb.isc.org/docs/cve-2021-25218

New versions of BIND are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can
find individual vulnerability-specific patches in the "patches" subdirectory
of the release directories for our two affected release branches (9.16 and 9.17).
The BIND 9.11 branch was not affected by CVE-2021-25218.

   9.16: https://downloads.isc.org/isc/bind9/9.16.20/patches/
   9.17: https://downloads.isc.org/isc/bind9/9.17.17/patches/

With the public announcement of this vulnerability, the embargo
period is ended and any updated software packages that have been
prepared may be released.

-- 

Michael McNally
(for ISC Security Officer)
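
Added example, not part of the original message and not ISC code: a triage helper that applies the conditions stated in the announcement (release 9.16.19 or 9.17.16, with RRL in use) to a `named -v` style banner and the text of a named.conf. The function names and the sample banner and configuration are constructed for illustration; comment stripping is simplified and does not handle comment markers inside quoted strings.

```python
import re

# Affected releases and fixed releases exactly as given in the announcement.
AFFECTED = {"9.16.19", "9.17.16"}
FIXED = {"9.16": "9.16.20", "9.17": "9.17.17"}

# Constructed sample input (not taken from a real server).
SAMPLE_BANNER = "BIND 9.16.19 (Stable Release) <id:constructed>"
SAMPLE_CONF = """
options {
    directory "/var/named";
    /* RRL enabled on this resolver */
    rate-limit {
        responses-per-second 10;
    };
};
"""

def bind_version(banner):
    """Extract 'X.Y.Z' from a banner such as 'BIND 9.16.19 (...)'."""
    m = re.search(r"\bBIND (\d+\.\d+\.\d+)", banner)
    return m.group(1) if m else None

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out options are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def rrl_enabled(conf):
    """True if an active rate-limit { ... } statement is present (RRL in use)."""
    return re.search(r"\brate-limit\s*\{", strip_comments(conf)) is not None

def assess(banner, conf):
    """Return a one-line triage result for CVE-2021-25218."""
    version = bind_version(banner)
    if version is None:
        return "unknown: no BIND version found in banner"
    if version not in AFFECTED:
        return f"{version}: not one of the affected releases"
    fixed = FIXED[version.rsplit(".", 1)[0]]
    if rrl_enabled(conf):
        return f"{version}: affected and RRL configured, upgrade to {fixed}"
    return f"{version}: affected release, RRL not configured, fixed in {fixed}"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```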