'[oss-security] ISC has disclosed two vulnerabilities in BIND 9 (CVE-2023-3341, CVE-2023-4236)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] ISC has disclosed two vulnerabilities in BIND 9 (CVE-2023-3341, CVE-2023-4236)
From:       Michał Kępień <michal () isc ! org>
Date:       2023-09-20 12:15:10
Message-ID: ZQriTiZWE_r8Mkpe () larwa ! hq ! kempniu ! pl
[Download RAW message or body]

On 20 September 2023 we (Internet Systems Consortium) disclosed two vulnerabilities affecting \
our BIND 9 software:

- CVE-2023-3341:        A stack exhaustion flaw in control channel code may cause named to \
                terminate unexpectedly https://kb.isc.org/docs/cve-2023-3341
- CVE-2023-4236:        named may terminate unexpectedly under high DNS-over-TLS query load \
https://kb.isc.org/docs/cve-2023-4236

New versions of BIND 9 are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can find individual \
vulnerability-specific patches in the "patches" subdirectory of each published release \
directory:

- https://downloads.isc.org/isc/bind9/9.16.44/patches/
- https://downloads.isc.org/isc/bind9/9.18.19/patches/
- https://downloads.isc.org/isc/bind9/9.19.17/patches/

With the public announcement of these vulnerabilities, the embargo period is ended and any \
updated software packages that have been prepared may be released.

-- 
Best regards,
Michał Kępień


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic