New BIND releases are available: 9.18.28, 9.20.0
Victoria Risk
vicky at isc.org
Tue Jul 23 13:29:06 UTC 2024
BIND users-
Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available and can be downloaded from the ISC software download page, https://www.isc.org/download.
In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076), about which more information is provided in the following Security Advisories:
https://kb.isc.org/docs/cve-2024-0760
https://kb.isc.org/docs/cve-2024-1737
https://kb.isc.org/docs/cve-2024-1975
https://kb.isc.org/docs/cve-2024-4076
A summary of significant changes in the new releases can be found in their release notes:
- Current supported stable branches:
9.18.28 - https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html
9.20.0 - https://downloads.isc.org/isc/bind9/9.20.0/doc/arm/html/notes.html
We also have a nice blog post from Ondřej Surý on the 9.20.0 release, including performance testing results (https://www.isc.org/blogs/2024-bind920/).
---
Please Note:
To create an effective mitigation for CVE-2024-1737 we have introduced two new configurable limits that prevent the loading (into zones or into cache) of DNS resource records (RRs) that exceed them. We therefore recommend reading this KB article,
https://kb.isc.org/docs/rrset-limits-in-zones, in case you need to change the defaults to suit your specific operational environment.
We recommend that users planning to upgrade from the EOL 9.16 branch read the following document first:
https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240723/51bd755f/attachment.htm>
More information about the bind-users
mailing list