Update to BIND query.c CVE-2011-4313

Chris Thompson cet1 at cam.ac.uk
Mon Dec 5 23:15:50 UTC 2011

On Dec 5 2011, Susan Graves wrote on bind-announce:

>Dear BIND-Users,
>Please see today's update to CVE-2011-4313
>(https://www.isc.org/software/bind/advisories/cve-2011-4313) regarding
>ISC's final analysis of this event. 
>Also, please review our KnowledgeBase article
>(_https://deepthought.isc.org/article/AA-00549_) for additional
>information including possible operational considerations and a workaround.

Now that "the original trigger for this incident no longer exists", is
it permissible to ask which the zone involved was? I have been assuming
it was another one in "gov", just because the early reports were from the
US and no-one around here seems to have had their recursive nameservers
crash. [We upgraded to BIND 9.8.1-P1 anyway, of course.]

Chris Thompson
Email: cet1 at cam.ac.uk

More information about the bind-users mailing list