Today ISC is disclosing a vulnerability which affects ONLY
releases of BIND in BIND Supported Preview Edition, a private
feature preview branch which is provided by ISC to our support
customers.
The vulnerability, which is designated CVE-2019-6469
("BIND Supported Preview Edition can exit with an assertion
failure if ECS is in use") can only be encountered in
the Supported Preview Edition; it cannot occur in the
public open-source branches of BIND.
However, we are issuing this announcement for two reasons:
1) We believe that public disclosure of vulnerabilities
is an important security practice and it is required
by our ISC Software Defect and Security Vulnerability
Disclosure Policy (if you are interested, you can read
the policy here: https://kb.isc.org/docs/aa-00861)
2) We do not want users of our public open-source products
to learn about this vulnerability elsewhere and potentially
be confused about whether the defect can affect them.
[It cannot.]
Those who wish to learn more about the vulnerability, whether
they are affected or not, can read the security advisory for
CVE-2019-6469 in the ISC Knowledge Base:
https://kb.isc.org/docs/cve-2019-6469
Sincerely,
Michael McNally
ISC Support
_______________________________________________
bind-announce mailing list
bind-announce@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-announce
