oss-sec mailing list archives
ISC has disclosed a vulnerability in BIND (CVE-2022-1183)
From: ISC Security Officer <security-officer () isc org>
Date: Wed, 18 May 2022 15:38:36 +0100
On May 18 2022, we (Internet Systems Consortium) have disclosed a vulnerability affecting our BIND software:
CVE-2022-1183: Destroying a TLS session early triggers assertion failure https://kb.isc.org/v1/docs/cve-2022-1183 New versions of BIND are available from https://www.isc.org/downloadsOperators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of the release directories for our affected stable release branch (9.18):
9.18: https://downloads.isc.org/isc/bind9/9.18.3/patches/With the public announcement of this vulnerability, the embargo period is ended and any updated software packages that have been prepared may be released.
Cathy Almond ISC Support
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
Current thread:
- ISC has disclosed a vulnerability in BIND (CVE-2022-1183) ISC Security Officer (May 18)