Vulnerability CVE-2019-6469 cannot affect public open-source BIND, only BIND 9 S

Started by icecream-guy, May 30, 2019, 06:05:45 AM

icecream-guy

Today ISC is disclosing a vulnerability which affects ONLY releases of BIND in BIND Supported Preview Edition, a private feature preview branch which is provided by ISC to our support customers.

The vulnerability, which is designated CVE-2019-6469 ("BIND Supported Preview Edition can exit with an assertion failure if ECS is in use") can only be encountered in the Supported Preview Edition; it cannot occur in the public open-source branches of BIND.

However, we are issuing this announcement for two reasons:

1)  We believe that public disclosure of vulnerabilities
     is an important security practice and it is required
     by our ISC Software Defect and Security Vulnerability
     Disclosure Policy (if you are interested, you can read
     the policy here:  https://kb.isc.org/docs/aa-00861)

2)  We do not want users of our public open-source products
     to learn about this vulnerability elsewhere and potentially
     be confused about whether the defect can affect them.
     [It cannot.]

Those who wish to learn more about the vulnerability, whether they are affected or not, can read the security advisory for CVE-2019-6469 in the ISC Knowledge Base:

  https://kb.isc.org/docs/cve-2019-6469

Sincerely,

Michael McNally
ISC Support
:professorcat:

My Moral Fibers have been cut.