Re: "Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-12 Thread Dennis Clarke
On 01/12/2017 03:51 PM, project722 wrote: Is there a way to mitigate these vulnerabilities outside of updating The source code from ISC is the official patch. We use RHEL and have to wait on the official patch they provide. I run Solaris servers from Oracle and I build iscbind named service

Re: "Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-12 Thread Phil Mayers
On 12/01/17 15:37, G.W. Haywood wrote: Maybe it makes a difference that I'm in England, and using IPv6? FWIW I see the same thing - also UK-based on IPv6 but traceroute shows I'm hitting a server in the US so I doubt that's relevant. Download of: https://www.isc.org/downloads/file/bind-9-9-

Re: "Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-12 Thread project722
Is there a way to mitigate these vulnerabilities outside of updating BIND? We use RHEL and have to wait on the official patch they provide. Our Bind version is 9.8.2 for RHEL 6 and 9.9.4 for RHEL 7. On Thu, Jan 12, 2017 at 9:37 AM, G.W. Haywood wrote: > Hello again, > > On Thu, 12 Jan 2017, Andr

Re: "Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-12 Thread G.W. Haywood
Hello again, On Thu, 12 Jan 2017, Andrey Fanin wrote: On Thu, 12 Jan 2017, G.W. Haywood wrote: > On Thu, 12 Jan 2017, Michael McNally wrote: > > > ISC has issued new security releases of BIND today [..snip..] > > I'm trying to get BIND 9.9.9-P5 from the downloads page, but > it seems to be givin

Re: "Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-12 Thread Andrew
Looks all is correctly delivered ( all three versions of tar.gz ) from my side ( UA ) 12.01.2017 14:44, G.W. Haywood пишет: Hi there, On Thu, 12 Jan 2017, Michael McNally wrote: ISC has issued new security releases of BIND today [..snip..] These are available via the http://www.isc.org/downl

Re: "Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-12 Thread G.W. Haywood
Hi there, On Thu, 12 Jan 2017, Michael McNally wrote: ISC has issued new security releases of BIND today [..snip..] These are available via the http://www.isc.org/downloads web page: BIND 9.9.9-P5 BIND 9.10.4-P5 BIND 9.11.0-P2 ... I'm trying to get BIND 9.9.9-P5 from the downloads pag

"Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-11 Thread Michael McNally
ISC has issued new security releases of BIND today, correcting three exploitable vulnerabilities discovered in the course of our internal fuzz-testing and an additional exploitable vulnerability reported to us by a contributor. The issues are: CVE-2016-9131 CVE-2016-9147 CVE-2016-9444