oss-sec mailing list archives
ISC has disclosed a vulnerability in BIND (CVE-2021-25218)
From: Michael McNally <mcnally () isc org>
Date: Wed, 18 Aug 2021 10:08:11 -0800

On August 18, 2021, we (Internet Systems Consortium) have disclosed a vulnerability affecting our BIND software:

CVE-2021-25218: A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use
https://kb.isc.org/docs/cve-2021-25218

New versions of BIND are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of the release directories for our two affected release branches (9.16 and 9.17). The BIND 9.11 branch was not affected by CVE-2021-25218.

9.16: https://downloads.isc.org/isc/bind9/9.16.20/patches/
9.17: https://downloads.isc.org/isc/bind9/9.17.17/patches/

With the public announcement of this vulnerability, the embargo period is ended and any updated software packages that have been prepared may be released.

--
Michael McNally
(for ISC Security Officer)