On 28 July 2015, ISC publicly disclosed CVE-2015-5477
("An error in handling TKEY queries can cause named to exit with
a REQUIRE assertion failure.")We would like to inform all readers of this list that the official copy of this CVE (https://kb.isc.org/article/AA-01272) has been revised to reflect new information received. Specifically, after learning that a party with no connection to ISC had published proof-of-concept code alleged to exercise the denial-of-service vector disclosed in the CVE, we have updated the "Active exploits" section of the advisory, changing from: Active exploits: None known. to: Active exploits: We have been informed that proof-of-concept code for an exploit has been published by a third party to a public source repository. As this development significantly increases the potential risk that this vulnerability will be exploited by those with a mind to do so, please take steps to patch or upgrade to a secure version as soon as possible. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
