A new version of BIND is available to address two vulnerabilities disclosed today: CVE-2018-5736 and CVE-2018-5737; see the respective messages on this mailing list or consult the ISC Knowledge Base https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/.
Only two releases in the BIND 9.12 branch were affected by these vulnerabilities and BIND 9.12.1-P2 corrects both issues. The new release can be found via our software download page: https://www.isc.org/downloads Finally, a word of apology for the awkward timing of this diclosure. At ISC we usually try to avoid the very beginning or end of the week for our vulnerability disclosures because time zone factors can make those times particularly awkward for operators in other parts of the world. In this particular instance we had originally scheduled our disclosure for Wednesday (16 May) but were forced to delay the release when a last-minute flaw was found in BIND 9.12.1-P1, leading to its withdrawal and replacement with BIND 9.12.1-P2. Unfortunately the vulnerabilities were partly disclosed at that stage and we decided that the safest course was to proceed as directly as possible to public disclosure, rather than risk a leak. We do regret the inconvenience that will be incurred by server operators due to the timing of this announcement. Michael McNally ISC Security Officer _______________________________________________ bind-announce mailing list firstname.lastname@example.org https://lists.isc.org/mailman/listinfo/bind-announce