Conversation

Notices

1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Friday, 21-Aug-2020 13:17:59 EDT GeniusMusing
   ISC Releases Security Advisories for BIND CISA
   https://us-cert.cisa.gov/ncas/current-activity/2020/08/21/isc-releases-security-advisories-bind
   
   >The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
   >
   >The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following ISC advisories for more information and to apply the necessary updates.
   
   CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c Security Advisories
   https://kb.isc.org/docs/cve-2020-8620
   
   CVE-2020-8621: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c Security Advisories
   https://kb.isc.org/docs/cve-2020-8621
   
   [CVE-2020-8622: A truncated TSIG response can lead to an assertion failure Security Advisories](https://kb.isc.org/docs/cve-2020-8622)
   
   CVE-2020-8623: A flaw in native PKCS11 code can lead to a remotely triggerable assertion failure in pk11.c Security Advisories
   https://kb.isc.org/docs/cve-2020-8623
   
   CVE-2020-8624: update-policy rules of type "subdomain" are enforced incorrectly Security Advisories
   https://kb.isc.org/docs/cve-2020-8624
   1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Friday, 21-Aug-2020 17:05:22 EDT lnxw48a1

      in reply to
      #ISC's #BIND continues to have security holes one after another. I do sometimes wonder why we (the world as a whole) haven't migrated to something descended from DJBDNS.
      
      #DNS #security