https://access.redhat.com/security/cve/cve-2018-5742
FYI and just to clarify, Red Hat Security Advisory CVE-2018-5742 does not exist in any version of BIND available directly from ISC; it is present solely in the version(s) identified by Red Hat in their own distribution(s). The problem was accidentally introduced during a backport of the NTA (Negative Trust Anchor) feature from ISC BIND 9.11. Both Red Hat and CentOS have BIND distributions that are affected. The associated defect reports can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-5742 https://bugs.centos.org/view.php?id=15528 For anyone who would like to take this opportunity to migrate to a supported ISC version of BIND, please see our downloads page: https://www.isc.org/downloads/ We realise that for many, access to packaged versions of BIND 9 is the reason that they chose to run the version of BIND offered by their OS platform rather than building their own. You might be interested to hear that we're working on providing packaged builds of ISC BIND for some platforms. Details here: https://www.isc.org/blogs/bind-9-packages/ For a comparison of feature availability in different versions of BIND from ISC, see: https://kb.isc.org/docs/aa-01310 (Please also note that BIND 9.9 and 9.10 from ISC are now EOL). Cathy Almond ISC Support _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users