Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14

Michael McNally mcnally at isc.org
Fri Jun 18 03:57:01 UTC 2021


Dear BIND users:

Yesterday, 16 June 2021, we released monthly maintenance snapshot releases of
our currently supported release branches of BIND.

Specifically, we released BIND 9.11.33, 9.16.17, and 9.17.14

There's no way to say this that isn't embarrassing, but only after the release
was an error in a recently optimized routine discovered by a user -- an error
that will definitely cause operational problems for almost all server operators
who upgrade to either of these affected versions:

-  BIND 9.16.17
-  BIND 9.17.14

BIND 9.11.33 is NOT affected.

If you have not yet updated to the 16 June releases, we ask that you hold off
on any plans to install 9.16.17 or 9.17.14 until replacement releases can be
prepared and tested.

The specific issue in question is being tracked in our issue tracker:

    https://gitlab.isc.org/isc-projects/bind9/-/issues/2779

and more information about our plans for issuing replacement releases will be
provided later; at the moment our priority is getting the news to parties as
quickly as possible so that those who have not already adopted the new releases
can postpone until corrected versions are available.

Michael McNally
Internet Systems Consortium


More information about the bind-announce mailing list