BIND users-
Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0
stable branch, are available and can be downloaded from the ISC software
download page, https://www.isc.org/download.
In addition to bug fixes and feature improvements, these releases also contain
fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737,
CVE-2024-1975, CVE-2024-4076), about which more information is provided in the
following Security Advisories:
https://kb.isc.org/docs/cve-2024-0760
https://kb.isc.org/docs/cve-2024-1737
https://kb.isc.org/docs/cve-2024-1975
https://kb.isc.org/docs/cve-2024-4076
A summary of significant changes in the new releases can be found in their
release notes:
- Current supported stable branches:
9.18.28 -
https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html
9.20.0 - https://downloads.isc.org/isc/bind9/9.20.0/doc/arm/html/notes.html
We also have a nice blog post from Ondřej Surý on the 9.20.0 release, including
performance testing results (https://www.isc.org/blogs/2024-bind920/).
---
Please Note:
To create an effective mitigation for CVE-2024-1737 we have introduced two new
configurable limits that prevent the loading (into zones or into cache) of DNS
resource records (RRs) that exceed them. We therefore recommend reading this KB
article,
https://kb.isc.org/docs/rrset-limits-in-zones, in case you need to change the
defaults to suit your specific operational environment.
We recommend that users planning to upgrade from the EOL 9.16 branch read the
following document first:
https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918
--
bind-announce mailing list
bind-announce@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-announce
