New releases of BIND are available, containing patches to correct
CVE-2018-5740 (https://kb.isc.org/article/AA-01639)

They can be downloaded from https://www.isc.org/downloads and you
can learn more about them from their release notes:

  9.9.13-P1:  https://kb.isc.org/article/AA-01642/81/BIND-9.9.13-P1
  9.10.8-P1:  https://kb.isc.org/article/AA-01643/81/BIND-9.10.8-P1
  9.11.4-P1:  https://kb.isc.org/article/AA-01644/81/BIND-9.11.4-P1
  9.12.2-P1:  https://kb.isc.org/article/AA-01645/81/BIND-9.12.2-P1

We know that security releases are disruptive for many operators and
in this case the patch is for a fix in a very little-used feature.
We would therefore advise any operators concerned about upgrading
to read this particular security advisory carefully and decide whether
it applies to their installation.

Also, we'd like to remind users who are still on the 9.9 and 9.10
branches that support for those branches officially ended at the
end of July.  As with these recent patches we may continue to provide
security patch releases for them for a period but operators are
advised to make plans to migrate to a supported branch.  BIND 9.11
is the branch which is the currently designated Extended Support Version.
_______________________________________________
bind-announce mailing list
bind-announce@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-announce

Reply via email to