Security Alert (A22-09-15): Multiple Vulnerabilities in ISC BIND
22 September 2022
ISC has released a security update to fix the vulnerabilities in BIND. The details of the security update can be found at:
Please note that some versions including BIND 9.13 and BIND 9.15 have reached End-Of-Life (EOL). No security updates will be provided. Users should arrange upgrading the BIND to the latest supported versions or migrating to other supported technology.
BIND 9.0.0 to 9.16.32
BIND 9.18.0 to 9.18.6
BIND 9.19.0 to 9.19.4
BIND 9.9.3-S1 to 9.11.37-S1
BIND 9.16.8-S1 to 9.16.32-S1
Successful exploitation of the vulnerabilities could lead to denial of service or information disclosure on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
BIND 9.16.33 (Current Stable)
BIND 9.18.7 (Current Stable)
BIND 9.19.5 (Development)
BIND 9.16.33-S1 (Supported Preview Edition)
The patches can be downloaded at the following URLs: https://www.isc.org/download/
Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.