CVE-2015-5477: critical remote crash bug in BIND

2015-07-29 - News - Tony Finch

If you have a DNS server running BIND, you should apply the latest security patch as soon as possible.

The bind-announce mailing list has the formal vulnerability notification and release announcements:

https://lists.isc.org/pipermail/bind-announce/2015-July/thread.html

The authors of BIND have also published a blog post emphasizing that there are no workarounds for this vulnerability: it affects both recursive and authoritative servers and I understand that query ACLs are not sufficient protection.

https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/

Our central DNS servers authdns* and recdns* have been patched.

CVE-2015-5477: critical remote crash bug in BIND

Privacy information
Cookie information

Study at Cambridge

About the University

Research at Cambridge

CVE-2015-5477: critical remote crash bug in BIND

Privacy information Cookie information

Study at Cambridge

About the University

Research at Cambridge

Privacy information
Cookie information