Published on: 21 August 2020
ISC has released security updates to fix multiple security vulnerabilities in BIND. The list of security updates can be found at:
https://kb.isc.org/docs/cve-2020-8620
https://kb.isc.org/docs/cve-2020-8621
https://kb.isc.org/docs/cve-2020-8622
https://kb.isc.org/docs/cve-2020-8623
https://kb.isc.org/docs/cve-2020-8624
Please note that BIND 9.13 and BIND 9.15 are unstable development branches that are obsoleted. No security updates will be provided. Users should arrange upgrading the BIND to the latest supported versions or migrating to other supported technology.
Depending on the vulnerability exploited, a successful attack could lead to denial of service or elevation of privilege.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
https://www.isc.org/download/
Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://kb.isc.org/docs/cve-2020-8620
https://kb.isc.org/docs/cve-2020-8621
https://kb.isc.org/docs/cve-2020-8622
https://kb.isc.org/docs/cve-2020-8623
https://kb.isc.org/docs/cve-2020-8624
https://kb.isc.org/docs/bind-9-end-of-life-dates
https://ftp.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html
https://ftp.isc.org/isc/bind9/9.16.6/RELEASE-NOTES-bind-9.16.6.html
https://ftp.isc.org/isc/bind9/9.17.4/RELEASE-NOTES-bind-9.17.4.html
https://www.hkcert.org/my_url/en/alert/20082101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8620 (to CVE-2020-8624)