Operational Notification: Change 4892 exposed multiple problems affecting inline-signing

Michael McNally mcnally at isc.org
Wed Sep 19 23:04:33 UTC 2018


Posting date:        19 September 2018
Program Impacted:    BIND
Versions affected:   9.10.8 -> 9.10.8-P1, 9.11.4 -> 9.11.4-P1,
		     9.12.1 -> 9.12.2-P1.  Also versions 9.13.0 ->
		     9.13.3 of the 9.13 development branch.

Description:

   A code change intended to fix a memory leak that could occur
   after "rndc reload" exposed multiple problems with inline-signing
   that were not possible to trigger in versions prior to change 4892.

Impact:

   In versions containing change #4892 but prior to the correction
   of the multiple related issues, it is possible for inline-signing
   to fail to properly sign records or to properly service refresh
   events. inline-signing should be considered broken in the affected
   versions and operators should either upgrade to a corrected
   version or revert to traditional signing.

Workarounds:

   Traditional signing can be used instead of inline-signing.

Solution:

   If you are running a version affected by this bug you can prevent
   it by upgrading to a release containing the fix which reverses
   the change in behavior. The patched versions can all be downloaded
   from http://www.isc.org/downloads/all.

   +  BIND 9 version 9.11.4-P2
   +  BIND 9 version 9.12.2-P2

Do you have questions? Questions regarding this notification should
go to support at isc.org.

Additional information on our Operational Notifications is here:
https://www.isc.org/software/notifications, and our Phased Disclosure
Process is described here:
https://www.isc.org/security-vulnerability-disclosure-policy

Legal Disclaimer:

   Internet Systems Consortium (ISC) is providing this notice on
   an "AS IS" basis. No warranty or guarantee of any kind is expressed
   in this notice and none should be inferred. ISC expressly excludes
   and disclaims any warranties regarding this notice or materials
   referred to in this notice, including, without limitation, any
   implied warranty of merchantability, fitness for a particular
   purpose, absence of hidden defects, or of non-infringement. Your
   use of, or reliance on, this notice or materials referred to in
   this notice is at your own risk. ISC may change this notice at
   any time.
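
The following is an added example, not part of the ISC notification and not ISC code: a fleet check that classifies BIND version strings against the "Versions affected" ranges above. The host names and version strings in the sample inventory are constructed, and the function names are hypothetical; builds the notice does not name (pre-releases, vendor-suffixed packages) are reported as unknown instead of being guessed.

```python
import re

# Ranges from the notification's "Versions affected" field, as inclusive
# (low, high) bounds of (major, minor, patch, P-level); no -P suffix is level 0.
AFFECTED = [
    ((9, 10, 8, 0), (9, 10, 8, 1)),   # 9.10.8 -> 9.10.8-P1
    ((9, 11, 4, 0), (9, 11, 4, 1)),   # 9.11.4 -> 9.11.4-P1
    ((9, 12, 1, 0), (9, 12, 2, 1)),   # 9.12.1 -> 9.12.2-P1
    ((9, 13, 0, 0), (9, 13, 3, 0)),   # 9.13.0 -> 9.13.3
]

# "9.11.4" or "9.11.4-P1", optionally prefixed with "BIND "; group 5 catches
# any suffix glued to the version (rc1, -S1, vendor tags).
_VERSION = re.compile(r"(?:BIND\s+)?(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?(\S*)")

def parse_version(text):
    """Return (major, minor, patch, plevel), or None if it cannot be mapped."""
    m = _VERSION.match(text.strip())
    if m is None or m.group(5):
        # The notice does not say how such builds map onto its ranges.
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, int(m.group(4) or 0))

def inline_signing_status(text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    if any(low <= version <= high for low, high in AFFECTED):
        return "affected"
    return "not-listed"

# Constructed inventory: hypothetical hosts and version strings.
SAMPLE_INVENTORY = {
    "ns1.example": "BIND 9.11.4-P1 (Extended Support Version)",
    "ns2.example": "BIND 9.11.4-P2",
    "ns3.example": "9.12.2",
    "ns4.example": "9.13.3",
    "ns5.example": "9.11.4-P1-vendor1",
    "ns6.example": "9.12.2rc1",
}

def audit(inventory):
    """Map each host to its status so affected servers can be triaged."""
    return {host: inline_signing_status(v) for host, v in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "not-listed" only means the version falls outside the ranges in this notice; hosts reported as "unknown" need a manual check against the vendor's or ISC's release notes.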

