Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 20 Oct 2016 14:43:14 -0400
From: Michael McNally <>
Subject: CVE-2016-2848 has been disclosed.

Last week we notified the related list,,
about CVE-2016-2848, a vulnerability found in ISC BIND releases
produced before change #3548, which first appeared in May 2013.

Although all of ISC's BIND releases since that date have been immune
to the vulnerability, several OS distribution packagers were
maintaining BIND packages which were forked from ISC's
source line before that change and so we notified that
list to give packagers warning before our public disclosure of
the vulnerability.

As we previously announced it was our intention to do,
we have publicly disclosed CVE-2016-2848 today.

Since information concerning the vulnerability, including
a reproduction script, exists in a public bug repository
we urge you to update vulnerable binary packages as soon
as possible.

Thank you.  The official copy of our vulnerability announcement
can be found here:

Michael McNally
ISC Security Officer

Download attachment "signature.asc" of type "application/pgp-signature" (496 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.