ISC New Releases: Why So Many Versions?

Michael McNally mcnally at isc.org
Tue Oct 9 21:33:44 UTC 2012


Today, in response to CVE-2012-5166 (see this article for more
details:  https://kb.isc.org/article/AA-00801 ) ISC has released
eight new versions of BIND.

We realize this may be a little confusing for our users and so we
hope that this will explain the proliferation of releases and be
helpful to BIND users who are unsure which version to select.

Currently BIND has four supported development branches, BIND
9.6-ESV, 9.7, 9.8, and 9.9.  The software defect reported in
CVE-2012-5166 was reported to us after we had made public release
candidates for the next maintenance releases of each branch.
However, in the event of a security vulnerability, our policy is
to attempt to provide replacement versions which fix only the
security vulnerability, to minimize the exposure to operators that
other behavior changes may have an impact on their use of BIND.

Therefore, because of the unusual timing in the discovery of this
vulnerability we are releasing two versions for each development
branch.

Versions labeled with the suffix "-P4" are security-only versions
which include no other changes besides those necessary to address
CVE-2012-5166.

We are also releasing point releases which are release versions
superseding the previously published release candidates.  The point
release versions contain the security fix for CVE-2012-5166 *and*
contain the other bug fixes and functionality changes previously
included in the release candidates.

When selecting a replacement version you should choose a -P4 if
you are currently running a -P3 version and wish to receive ONLY
the security fix.

   9.6-ESV-R7-P4
   9.7.6-P4
   9.8.3-P4, or
   9.9.1-P4

Otherwise we recommend that you upgrade to the latest release version
of your branch, selecting from one of the releases below:

   9.6-ESV-R8
   9.7.7
   9.8.4
   9.9.2

Michael McNally
ISC Support


More information about the bind-workers mailing list