Description:

Multiple vulnerabilities were found in ISC BIND software.  A remote attacker may bypass the validity checks to replace data in the mirror zone or send specially crafted queries to cause BIND to exit.

Affected Systems:

• BIND 9.14.0 to 9.14.6
• BIND 9.15.0 to 9.15.4

Impact:

Successful exploitation could lead to spoofing, security restriction bypass or denial of service on an affected system.

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

• BIND 9.14.7
• BIND 9.15.5
  https://www.isc.org/download/

Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://kb.isc.org/docs/cve-2019-6475
https://kb.isc.org/docs/cve-2019-6476
https://www.hkcert.org/my_url/en/alert/19101801
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6476