Operational Notification: Change 4892 exposed multiple problems affecting inline-signing
Michael McNally
mcnally at isc.org
Wed Sep 19 23:04:33 UTC 2018
Posting date: 19 September 2018
Program Impacted: BIND
Versions affected: 9.10.8 -> 9.10.8-P1, 9.11.4 -> 9.11.4-P1,
9.12.1 -> 9.12.2-P1. Also versions 9.13.0 ->
9.13.3 of the 9.13 development branch.
Description:
A code change intended to fix a memory leak that could occur
after "rndc reload" exposed multiple problems with inline-signing
that were not possible to trigger in versions prior to change 4892.
Impact:
In versions containing change #4892 but prior to the correction
of the multiple related issues, it is possible for inline-signing
to fail to properly sign records or to properly service refresh
events. inline-signing should be considered broken in the affected
versions and operators should either upgrade to a corrected
version or revert to traditional signing.
Workarounds:
Traditional signing can be used instead of inline-signing.
Solution:
If you are running a version affected by this bug you can prevent
it by upgrading to a release containing the fix which reverses
the change in behavior. The patched versions can all be downloaded
from http://www.isc.org/downloads/all.
+ BIND 9 version 9.11.4-P2
+ BIND 9 version 9.12.2-P2
Do you have Questions? Questions regarding this notification should
go to support at isc.org.
Additional information on our Operational Notifications is here:
https://www.isc.org/software/notifications, and Phased Disclosure Process
is here: https://www.isc.org/security-vulnerability-disclosure-policy
Legal Disclaimer:
Internet Systems Consortium (ISC) is providing this notice on
an "AS IS" basis. No warranty or guarantee of any kind is expressed
in this notice and none should be inferred. ISC expressly excludes
and disclaims any warranties regarding this notice or materials
referred to in this notice, including, without limitation, any
implied warranty of merchantability, fitness for a particular
purpose, absence of hidden defects, or of non-infringement. Your
use of, or reliance on, this notice or materials referred to in
this notice is at your own risk. ISC may change this notice at
any time.
More information about the bind-announce
mailing list