Security Alert (A21-02-07): Vulnerability in ISC BIND
18 February 2021
ISC has released a security update to fix a vulnerability in BIND. This vulnerability only affects servers configured to use GSS-TSIG. The details of the security update can be found at:
Please note that BIND 9.13 and BIND 9.15 are unstable development branches that are obsoleted. No security updates will be provided. Users should arrange upgrading the BIND to the latest supported versions or migrating to other supported technology.
BIND 9.5.0 to 9.11.27
BIND 9.12.0 to 9.16.11
BIND 9.11.3-S1 to 9.11.27-S1
BIND 9.16.8-S1 to 9.16.11-S1
BIND 9.17.0 to 9.17.1
Successful exploitation of the vulnerability could lead to system crash or potentially remote code execution.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
The patches can be downloaded at the following URLs:
Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.