Opened 4 years ago

Closed 4 years ago

#11166 closed enhancement (fixed)

bind9 bind-utilities bind 9.11.4-P2 (Security Update)

Reported by: Douglas R. Reno
Owned by: thomas
Priority: high
Milestone: 8.4
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New patch level.

At 6:18PM CDT, I received the following email over the oss-security mailing list:

To the packagers and redistributors of BIND:

Today ISC announced one CVE (which does not come with a code fix)
and two operational notifications for issues in BIND (which do.)

The new releases for BIND 9.11.4-P2 and BIND 9.12.2-P2 can be found
at http://www.isc.org/downloads

Details on the security vulnerability and the two operational
notifications can be found via the following links:

   https://kb.isc.org/docs/cve-2018-5741
   https://kb.isc.org/docs/change-4892-exposed-multiple-problems-affecting-dnssec-inline-signing
   https://kb.isc.org/docs/some-releases-of-bind-9-12-are-too-strict-when-handling-referrals-with-non-empty-answer-sections

Michael McNally
ISC Security Officer

Change History (6)

comment:1 by thomas, 4 years ago

Owner: changed from blfs-book to thomas
Status: changed from new to assigned

Book uses development branch 9.13.x. Shouldn't we switch over to the stable branch (9.12.x)?

comment:2 by Bruce Dubbs, 4 years ago (in reply to: comment:1)

Replying to thomas:

> Book uses development branch 9.13.x. Shouldn't we switch over to the stable branch (9.12.x)?

Yes. Can you point to where the stable/development version status is documented? I will need to update the currency script.

comment:3 by thomas, 4 years ago

A full list of versions is available at ftp://ftp.isc.org/isc/bind9/ but there it's hard to distinguish between development/stable versions, except if it's taken into account that even numbers in versions like 9.12.x are stable versions and odd numbers like 9.13.x are development versions. That is stated on the ISC site somewhere. So if a 9.14.x pops up, this would be the next stable version. Subsequently a 9.15.x will occur, but that is again a development version.

The website of ISC provides a direct path to those versions at https://www.isc.org/downloads/ but I don't know how to process that automatically, as you have to click on the '-' sign at bind to see what's current.

comment:4 by Pierre Labastie, 4 years ago

For the numbering scheme, see https://www.isc.org/downloads/software-support-policy/ Starting at 9.13, odd-numbered versions are development, even-numbered versions are stable. Extended support versions (ESV) will be at every other stable version, starting at 9.16 (9.14 is not yet out). Before 9.12, odd-numbered versions could be stable, and actually, 9.11 is ESV.
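
The numbering rules from comments 3 and 4, applied to a directory listing to pick the newest patched release on a stable or ESV branch. This is an added example, not part of the ticket and not the BLFS currency script; the function names and the sample listing are assumptions made for illustration, and only plain releases and `-P` patch levels are parsed.

```python
import re

# Matches names such as "9.12.2" or "9.11.4-P2"; anything else is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")


def parse(name):
    """Return (major, minor, patch, patch_level), or None if not a release name."""
    m = _VERSION.match(name.strip())
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def branch_status(version):
    """Classify a parsed BIND 9 version using the rules stated in the thread."""
    major, minor = version[0], version[1]
    if major != 9:
        return "unknown"
    if minor >= 13:
        if minor % 2:
            return "development"
        # Thread: ESV at every other stable version, starting at 9.16.
        return "esv" if minor >= 16 and (minor - 16) % 4 == 0 else "stable"
    if minor == 12:
        return "stable"   # treated as the stable branch in the thread
    if minor == 11:
        return "esv"      # stated in comment 4
    return "unknown"      # before 9.12 the odd/even rule did not apply


def latest(names, wanted=("stable",)):
    """Pick the highest release whose branch status is in `wanted`."""
    candidates = []
    for name in names:
        v = parse(name)
        if v and branch_status(v) in wanted:
            candidates.append((v, name.strip()))
    return max(candidates)[1] if candidates else None


# Constructed listing for the example, not fetched from ftp.isc.org.
SAMPLE = ["9.11.4", "9.11.4-P1", "9.11.4-P2", "9.12.2", "9.12.2-P1",
          "9.12.2-P2", "9.13.2", "9.13.3", "cur", "9.9.13-P1"]

if __name__ == "__main__":
    print(latest(SAMPLE))                   # newest stable release
    print(latest(SAMPLE, wanted=("esv",)))  # newest ESV release
```
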

comment:5 by Bruce Dubbs, 4 years ago

Thanks guys. I'll adjust the currency script.

comment:6 by thomas, 4 years ago

Resolution: fixed
Status: changed from assigned to closed

Fixed in r20560

Switched to 9.12.2-P2
