I apologize; I accidentally hit Send before completing my message. Just for a bit of clarity, the security vulnerability indicates that it can cause a resolver to crash with malformed BRID or HHIT records. Does this apply to all resolvers that support these record types, or only in cases where your server does serve records of these types? I’m assuming the former but just wanted to check. Is there any way to configure BIND to not support serving these types of records?
Thanks, Brian -- Brian Sebby (he/him/his) | Lead Systems Engineer Email: [email protected]<mailto:[email protected]> | Information Technology Infrastructure Phone: +1 630.252.9935 | Business Information Services Cell: +1 630.921.4305 | Argonne National Laboratory From: Sebby, Brian A. <[email protected]> Date: Wednesday, January 21, 2026 at 10:44 AM To: [email protected] <[email protected]> Subject: Re: New BIND 9 releases: 9.18.44, 9.20.18, 9.21.17 Just for a bit of clarity, the security vulnerability indicates that it can cause a resolver to crash with malformed BRID or HH -- Brian Sebby (he/him/his) | Lead Systems Engineer Email: [email protected]<mailto:[email protected]> | Information Technology Infrastructure Phone: +1 630.252.9935 | Business Information Services Cell: +1 630.921.4305 | Argonne National Laboratory From: bind-announce <[email protected]> on behalf of Suzanne Goldlust <[email protected]> Date: Wednesday, January 21, 2026 at 7:03 AM To: [email protected] <[email protected]> Subject: New BIND 9 releases: 9.18.44, 9.20.18, 9.21.17 This Message Is From an External Sender This message came from outside your organization. Our January 2026 maintenance releases of BIND 9 are available and can be downloaded from the links below. Packages and container images provided by ISC will be updated later today. In addition to bug fixes and feature improvements, these releases also contain fixes for a security vulnerability. More information can be found in the following Security Advisory: https://urldefense.us/v3/__https://kb.isc.org/docs/cve-2025-13878__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIROe1yRJew$ A link to each newly-released version follows. Each release directory includes a complete source tarball, cryptographic signature, and release notes. The release notes provide a summary of significant changes, and should be reviewed before upgrading. - Current supported stable branches: - 9.18.44 - https://urldefense.us/v3/__https://downloads.isc.org/isc/bind9/9.18.44/__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIROLLuMLQw$ - 9.20.18 - https://urldefense.us/v3/__https://downloads.isc.org/isc/bind9/9.20.18/__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIROMXXa1DI$ - Experimental development branch: - 9.21.17 - https://urldefense.us/v3/__https://downloads.isc.org/isc/bind9/9.21.17/__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIROrLsT550$ For more information and other release formats, consult the ISC software download page: https://urldefense.us/v3/__https://www.isc.org/download/__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIRO9iZzXSA$ --- As a reminder, BIND’s supported platforms are listed in the ARM (https://urldefense.us/v3/__https://bind9.readthedocs.io/en/stable/chapter2.html*supported-platforms__;Iw!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIROyUh2pHU$) and in this knowledgebase article (https://urldefense.us/v3/__https://kb.isc.org/docs/supported-platforms__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIRO-WnT8VQ$). -- bind-announce mailing list [email protected] https://urldefense.us/v3/__https://lists.isc.org/mailman/listinfo/bind-announce__;!!G_uCfscf7eWS!d0s-4i1hti59FxMTbbE4MFk1Sq6MdrsFh95Ob-Mt064-pwP5hDq1UeJQf4Ixna0nEpQ8OIRO1Jf2C5o$
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
