Three new releases of BIND are available for download from https://www.isc.org/downloads
BIND 9.11.19 and BIND 9.16.3 are the May 2020 releases of the two currently supported stable branches of BIND. In addition to bug fixes and feature improvements, these releases also contain security fixes for two "high" severity security vulnerabilities: CVE-2020-8616: BIND does not sufficiently limit the number of fetches performed when processing referrals CVE-2020-8617: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c BIND 9.14.12 is the final planned release in the now End-of-Life (EOL) 9.14 branch. It contains only the fixes for the two security vulnerabilities and is the last 9.14 release that we intend to release. If you are running 9.14 please use the time provided to plan your migration to a currently supported release branch. Release notes for the individual releases can be found at: 9.11.19: https://downloads.isc.org/isc/bind9/9.11.19/RELEASE-NOTES-bind-9.11.19.html 9.14.12: https://downloads.isc.org/isc/bind9/9.14.12/RELEASE-NOTES-bind-9.14.12.html 9.16.3: https://downloads.isc.org/isc/bind9/9.16.3/RELEASE-NOTES-bind-9.16.3.html ISC have also released patch diffs for the two security vulnerabilities, for those who wish to selectively patch the two CVE issues without adopting all of the other changes that are in the latest maintenance releases. Patch diffs can be found in: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.19/patches 9.14 branch: https://downloads.isc.org/isc/bind9/9.14.12/patches 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.3/patches _______________________________________________ bind-announce mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-announce
