Description:

ISC has released a security update to fix a vulnerability in BIND. This vulnerability only affects servers configured to use GSS-TSIG.  The details of the security update can be found at:

https://kb.isc.org/v1/docs/cve-2020-8625

Please note that BIND 9.13 and BIND 9.15 are unstable development branches that are obsoleted. No security updates will be provided. Users should arrange upgrading the BIND to the latest supported versions or migrating to other supported technology.

Affected Systems:

• BIND 9.5.0 to 9.11.27
• BIND 9.12.0 to 9.16.11
• BIND 9.11.3-S1 to 9.11.27-S1
• BIND 9.16.8-S1 to 9.16.11-S1
• BIND 9.17.0 to 9.17.1

Impact:

Successful exploitation of the vulnerability could lead to system crash or potentially remote code execution.

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

• BIND 9.11.28
• BIND 9.16.12
• BIND 9.11.28-S1
• BIND 9.16.12-S1

The patches can be downloaded at the following URLs:

https://www.isc.org/download/

Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://kb.isc.org/v1/docs/cve-2020-8625
• https://kb.isc.org/docs/bind-9-end-of-life-dates
• https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html
• https://downloads.isc.org/isc/bind9/9.16.12/RELEASE-NOTES-bind-9.16.12.html
• https://downloads.isc.org/isc/bind9/9.17.10/RELEASE-NOTES-bind-9.17.10.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625