New BIND releases are available: 9.18.28, 9.20.0

Tue Jul 23 15:20:19 UTC 2024

We use the COPR to install BIND on our servers, and I wanted to mention that it looks like in both the isc/bind and isc/bind-esv repos, the build of the package “isc-bind-bind” failed for version  9.18.28-1.1 in (as far as I can tell) only the EPEL 7 repo in Build 7776636.  Could someone look at that?  We’re on RHEL 8 and 9 for our BIND servers and it looks like the EPEL 8 and 9 versions build successfully, but I want to make sure that I’m not missing something.  Thanks!

Brian

--
Brian Sebby (he/him/his)      |  Lead Systems Engineer
Email: sebby at anl.gov<mailto:sebby at anl.gov>          |  Information Technology Infrastructure
Phone: +1 630.252.9935        |  Business Information Services
Cell:  +1 630.921.4305        |  Argonne National Laboratory

From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Victoria Risk <vicky at isc.org>
Date: Tuesday, July 23, 2024 at 8:32 AM
To: bind-announce at lists.isc.org <bind-announce at lists.isc.org>, BIND Users <bind-users at lists.isc.org>
Subject: New BIND releases are available: 9.18.28, 9.20.0
BIND users- Our July 2024 maintenance release of BIND 9. 18, as well as the new 9. 20. 0 stable branch, are available and can be downloaded from the ISC software download page, https: //www. isc. org/download. In addition to bug fixes and feature
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.

ZjQcmQRYFpfptBannerEnd
BIND users-

Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available and can be downloaded from the ISC software download page, https://www.isc.org/download<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.isc.org_download&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=bzNtaRi91LT7NGxvLacOsRR1G9KN3r-0KTyCGEZg7W4&e=>.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076), about which more information is provided in the following Security Advisories:

    https://kb.isc.org/docs/cve-2024-0760<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D0760&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=hf52gj9SjjbMh_N66diWqdZFByhr_hEy_DLLM6useU4&e=>
    https://kb.isc.org/docs/cve-2024-1737<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D1737&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=QZWuJmSD9PaIQPEorLqEbgQF-tj3T27lRz28IBul8Gc&e=>
    https://kb.isc.org/docs/cve-2024-1975<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D1975&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=3rxkgsPWVjucjy0uQLiFWNSKqV579E-ri6R2zGqDFw8&e=>
    https://kb.isc.org/docs/cve-2024-4076<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D4076&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=z2wPjQ7Pj0Dh9Bc02avjPawaCkKA3fdgEZ2ztpWVH3Y&e=>

A summary of significant changes in the new releases can be found in their release notes:

  - Current supported stable branches:

    9.18.28 - https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__downloads.isc.org_isc_bind9_9.18.28_doc_arm_html_notes.html&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=eL3vtH4F4vRw0n1gERxG-YbNvYiZUwcADdS64amUM94&e=>
    9.20.0  - https://downloads.isc.org/isc/bind9/9.20.0/doc/arm/html/notes.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__downloads.isc.org_isc_bind9_9.20.0_doc_arm_html_notes.html&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=jByNiOTuwi2CKgchg6VaHFIewzRSMvAtPq-UNd3NZ04&e=>

We also have a nice blog post from Ondřej Surý on the 9.20.0 release, including performance testing results (https://www.isc.org/blogs/2024-bind920/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.isc.org_blogs_2024-2Dbind920_&d=DwMFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=UUKshb2znNU4e4TPM0Yd2ufCIHmbyXxSKZu0ptJ8B3c&e=>).

---
Please Note:

To create an effective mitigation for CVE-2024-1737 we have introduced two new configurable limits that prevent the loading (into zones or into cache) of DNS resource records (RRs) that exceed them. We therefore recommend reading this KB article,

https://kb.isc.org/docs/rrset-limits-in-zones<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_rrset-2Dlimits-2Din-2Dzones&d=DwMFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=rubfa9plpqTW7oAHrRfURnVqh28DVS8RP5L2EVg6QOM&e=>, in case you need to change the defaults to suit your specific operational environment.

We recommend that users planning to upgrade from the EOL 9.16 branch read the following document first:

    https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_changes-2Dto-2Dbe-2Daware-2Dof-2Dwhen-2Dmoving-2Dfrom-2Dbind-2D916-2Dto-2D918&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=Psq-P97iXxQ-QTSJn9CnBrGXnKQHNDH1RNhFd0RAJrI&e=>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240723/c0a23995/attachment-0001.htm>