Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <820f3419-4347-8f37-adc1-498cea1fb17e@isc.org>
Date: Tue, 12 Jun 2018 16:07:30 -0800
From: ISC Security Officer <security-officer@....org>
To: oss-security@...ts.openwall.com
Subject: ISC has announced CVE-2018-5738, a defect in some versions of BIND

Please be advised that ISC has publicly announced a vulnerability in
some versions of BIND.

CVE-2018-5738 is a medium severity vulnerability in which nameservers
containing the previous change #4777 (from October 2017), if they
are configured to permit recursive service to some clients, may because
of this error improperly inherit the wrong default permission, causing
the server to permit recursive service to ALL clients.  Several workarounds
are documented in the official security advisory document, which can be
found in ISC's knowledge base:

   https://kb.isc.org/article/AA-01616/0/CVE-2018-5738


Michael McNally
ISC Security Officer


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.