oss-sec mailing list archives
CVE-2016-2848 has been disclosed.
From: Michael McNally <mcnally () isc org>
Date: Thu, 20 Oct 2016 14:43:14 -0400
Last week we notified the related list, distros () vs openwall org, about CVE-2016-2848, a vulnerability found in ISC BIND releases produced before change #3548, which first appeared in May 2013. Although all of ISC's BIND releases since that date have been immune to the vulnerability, several OS distribution packagers were maintaining BIND packages which were forked from ISC's source line before that change and so we notified that list to give packagers warning before our public disclosure of the vulnerability. As we previously announced it was our intention to do, we have publicly disclosed CVE-2016-2848 today. Since information concerning the vulnerability, including a reproduction script, exists in a public bug repository we urge you to update vulnerable binary packages as soon as possible. Thank you. The official copy of our vulnerability announcement can be found here: https://kb.isc.org/article/AA-01433/74/CVE-2016-2848 Michael McNally ISC Security Officer
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE-2016-2848 has been disclosed. Michael McNally (Oct 20)
- Re: CVE-2016-2848 has been disclosed. Florian Weimer (Oct 20)