[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] ISC has disclosed a vulnerability in BIND (CVE-2022-1183)
From:       ISC Security Officer <security-officer () isc ! org>
Date:       2022-05-18 14:38:36
Message-ID: 7d04fb57-182e-a779-dce2-1d1e42d24751 () isc ! org
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]

[Attachment #4 (text/plain)]

On May 18 2022, we (Internet Systems Consortium) have disclosed a 
vulnerability affecting our BIND software:

CVE-2022-1183: Destroying a TLS session early triggers assertion failure

https://kb.isc.org/v1/docs/cve-2022-1183

New versions of BIND are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches 
selectively can find individual vulnerability-specific patches in the 
"patches" subdirectory of the release directories for our affected 
stable release branch (9.18):

9.18: https://downloads.isc.org/isc/bind9/9.18.3/patches/

With the public announcement of this vulnerability, the embargo period 
is ended and any updated software packages that have been prepared may 
be released.

Cathy Almond
ISC Support

["OpenPGP_signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]