Security Alert (A20-08-05): Multiple Vulnerabilities in ISC BIND

Description:

ISC has released security updates to fix multiple security vulnerabilities in BIND. The list of security updates can be found at:

https://kb.isc.org/docs/cve-2020-8620
https://kb.isc.org/docs/cve-2020-8621
https://kb.isc.org/docs/cve-2020-8622
https://kb.isc.org/docs/cve-2020-8623
https://kb.isc.org/docs/cve-2020-8624

Please note that BIND 9.13 and BIND 9.15 are unstable development branches that are obsoleted. No security updates will be provided. Users should arrange upgrading the BIND to the latest supported versions or migrating to other supported technology.

Affected Systems:

• BIND 9.0.0 to 9.11.21
• BIND 9.9.3-S1 to 9.11.21-S1
• BIND 9.11.3 to 9.11.21
• BIND 9.12.0 to 9.16.5
• BIND 9.17.0 to 9.17.3

Impact:

Depending on the vulnerability exploited, a successful attack could lead to denial of service or elevation of privilege.

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

• BIND 9.11.22
• BIND 9.16.6
• BIND 9.17.4

https://www.isc.org/download/

Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://kb.isc.org/docs/cve-2020-8620
https://kb.isc.org/docs/cve-2020-8621
https://kb.isc.org/docs/cve-2020-8622
https://kb.isc.org/docs/cve-2020-8623
https://kb.isc.org/docs/cve-2020-8624
https://kb.isc.org/docs/bind-9-end-of-life-dates
https://ftp.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html
https://ftp.isc.org/isc/bind9/9.16.6/RELEASE-NOTES-bind-9.16.6.html
https://ftp.isc.org/isc/bind9/9.17.4/RELEASE-NOTES-bind-9.17.4.html
https://www.hkcert.org/my_url/en/alert/20082101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8620 (to CVE-2020-8624)