The OpenSSL project recently announced several security issues, including OpenSSL Security Advisory CVE-2015-1794. The official advisory from the OpenSSL project can be found at http://openssl.org/news/secadv/20151203.txt, but in brief: versions 1.0.2 through 1.0.2d have a vulnerability that potentially weakens encryption security in BIND. Version 1.0.2e is recommended as the secured version.

Operators using DNSSEC or any other features of BIND that depend on OpenSSL in a production environment are therefore advised to first update their version of OpenSSL before building and linking new BIND executables.

Other vulnerabilities have been disclosed in older versions of OpenSSL that are not believed to affect BIND but could affect the security of other programs that make use of OpenSSL libraries. Please consult the OpenSSL project's security disclosure page for more information about OpenSSL security issues.

As of 15 December 2015, with versions 9.9.8-P2 and 9.10.3-P2, BIND will refuse to build with certain OpenSSL versions considered to contain security issues. If for some reason you are unable to upgrade your OpenSSL libraries, the version check can be bypassed when building BIND by using:

    configure --disable-openssl-version-check

The Windows binary packages included in today's releases of BIND 9.9.8-P2 and BIND 9.10.3-P2 have been built using OpenSSL 1.0.2e.
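
A pre-build check for the version range named above, as an added example that is not part of the original announcement and is not the check BIND's configure script performs. The function names are hypothetical and the sample lines are constructed in the format printed by `openssl version`.

```shell
#!/bin/sh
# Added example: flag OpenSSL versions in the range this announcement names
# (1.0.2 through 1.0.2d) before building and linking BIND against them.

# Pull the version token out of one line of `openssl version` output,
# e.g. "OpenSSL 1.0.2d 9 Jul 2015" -> "1.0.2d". Prints nothing for other input.
openssl_version_token() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }'
}

# Classify a version token: "affected" for 1.0.2 .. 1.0.2d, "not-in-range"
# for anything else, "unknown" when no token was found.
# Caveat: distribution packages may backport fixes without changing the
# version letter, so "affected" means "check the vendor advisory", not proof.
classify_openssl() {
    v=${1%%-*}                      # drop build suffixes such as "-fips"
    case "$v" in
        "")                 echo unknown ;;
        1.0.2|1.0.2[abcd])  echo affected ;;
        *)                  echo not-in-range ;;
    esac
}

# Convenience wrapper: full `openssl version` line in, classification out.
check_openssl_line() {
    classify_openssl "$(openssl_version_token "$1")"
}

# Constructed sample lines (not captured from real hosts).
for line in \
    "OpenSSL 1.0.2 22 Jan 2015" \
    "OpenSSL 1.0.2d 9 Jul 2015" \
    "OpenSSL 1.0.2d-fips 9 Jul 2015" \
    "OpenSSL 1.0.2e 3 Dec 2015" \
    "OpenSSL 1.0.1p 9 Jul 2015" \
    "LibreSSL 2.2.7"
do
    printf '%-32s %s\n' "$line" "$(check_openssl_line "$line")"
done
```

On a build host, pass the live output with `check_openssl_line "$(openssl version)"`, making sure the `openssl` binary queried belongs to the same installation whose libraries BIND will link against.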
