Significant flaw present in June BIND releases 9.16.17 and 9.17.14

FYI: Do not upgrade!


-------- Forwarded Message --------
Subject: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14
Date: Thu, 17 Jun 2021 19:56:58 -0800
From: Michael McNally <mcnally@isc.org>
To: bind-users@lists.isc.org



Dear BIND users:

Yesterday, 16 June 2021, we released monthly maintenance snapshot releases of
our currently supported release branches of BIND.

Specifically, we released BIND 9.11.33, 9.16.17, and 9.17.14.

There's no way to say this that isn't embarrassing, but only after the release
was an error in a recently optimized routine discovered by a user -- an error
that will definitely cause operational problems for almost all server operators
who upgrade to either of these affected versions:

- BIND 9.16.17
- BIND 9.17.14

BIND 9.11.33 is NOT affected.

If you have not yet updated to the 16 June releases, we ask that you hold off
on any plans to install 9.16.17 or 9.17.14 until replacement releases can be
prepared and tested.

The specific issue in question is being tracked in our issue tracker:

https://gitlab.isc.org/isc-projects/bind9/-/issues/2779

and more information about our plans for issuing replacement releases will be
provided later; at the moment our priority is getting the news to parties as
quickly as possible so that those who have not already adopted the new releases
can postpone until corrected versions are available.

Michael McNally
Internet Systems Consortium
 
Well, that sucks. The version in the ports tree is the "broken" one. So to prevent your install from getting wrecked by this version you can pkg-lock(8) it. That will stop it from getting updates.

dns/bind911
dns/bind916
(9.17 is not available)
 
They rolled their own lowercase(), and forgot the letter w. You have to see it to believe it:


Does that count as an off-by-one error? :-/
I've always thought the letter 'w' was overrated...

All kidding aside... I still have trouble remembering the alphabet. Before you judge me too harshly, keep in mind that English is my second language, and that my first language's alphabet is different.
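
Added example, not part of the thread and not BIND's code: a hand-typed case-folding table with one letter left out, and the exhaustive 256-value check against a range-based reference that catches the omission before release. All function names and the sample hostnames are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Build a 256-entry case-folding table from a hand-typed list of uppercase
 * letters; any letter missing from the list silently maps to itself. */
static void build_table(unsigned char t[256], const char *upper) {
    for (int i = 0; i < 256; i++) t[i] = (unsigned char)i;
    for (const char *p = upper; *p; p++)
        t[(unsigned char)*p] = (unsigned char)(*p - 'A' + 'a');
}

/* Reference ASCII folding, written as a range check instead of a list. */
static unsigned char ref_lower(unsigned char c) {
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + ('a' - 'A')) : c;
}

/* Exhaustive check over every byte value: returns the first byte where the
 * table disagrees with the reference, or -1 when they agree everywhere. */
static int first_mismatch(const unsigned char t[256]) {
    for (int i = 0; i < 256; i++)
        if (t[i] != ref_lower((unsigned char)i)) return i;
    return -1;
}

/* Case-insensitive name comparison through the table. */
static int names_equal(const unsigned char t[256], const char *a, const char *b) {
    size_t n = strlen(a);
    if (n != strlen(b)) return 0;
    for (size_t i = 0; i < n; i++)
        if (t[(unsigned char)a[i]] != t[(unsigned char)b[i]]) return 0;
    return 1;
}

/* Constructed inputs: a complete alphabet and one with 'W' left out. */
static const char GOOD[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
static const char BAD[]  = "ABCDEFGHIJKLMNOPQRSTUVXYZ";

int main(void) {
    unsigned char t[256];
    build_table(t, BAD);
    printf("table without W: first mismatch = %d\n", first_mismatch(t));
    printf("WWW.EXAMPLE.COM == www.example.com ? %d\n",
           names_equal(t, "WWW.EXAMPLE.COM", "www.example.com"));
    build_table(t, GOOD);
    printf("complete table: first mismatch = %d\n", first_mismatch(t));
    return 0;
}
```

Names without the dropped letter still compare equal under the broken table, which is why a handful of spot checks can pass while the full sweep fails.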
 