[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] ISC has disclosed a vulnerability in BIND (CVE-2022-1183)
From: ISC Security Officer <security-officer () isc ! org>
Date: 2022-05-18 14:38:36
Message-ID: 7d04fb57-182e-a779-dce2-1d1e42d24751 () isc ! org
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
[Attachment #4 (text/plain)]
On May 18 2022, we (Internet Systems Consortium) have disclosed a
vulnerability affecting our BIND software:
CVE-2022-1183: Destroying a TLS session early triggers assertion failure
https://kb.isc.org/v1/docs/cve-2022-1183
New versions of BIND are available from https://www.isc.org/downloads
Operators and package maintainers who prefer to apply patches
selectively can find individual vulnerability-specific patches in the
"patches" subdirectory of the release directories for our affected
stable release branch (9.18):
9.18: https://downloads.isc.org/isc/bind9/9.18.3/patches/
With the public announcement of this vulnerability, the embargo period
is ended and any updated software packages that have been prepared may
be released.
Cathy Almond
ISC Support
["OpenPGP_signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic