Security Alert (A22-09-15): Multiple Vulnerabilities in ISC BIND


 

Published on: 22 September 2022

Description:

ISC has released a security update to fix the vulnerabilities in BIND. The details of the security update can be found at:

  • https://kb.isc.org/docs/cve-2022-2795
  • https://kb.isc.org/docs/cve-2022-2881
  • https://kb.isc.org/docs/cve-2022-2906
  • https://kb.isc.org/docs/cve-2022-3080
  • https://kb.isc.org/docs/cve-2022-38177
  • https://kb.isc.org/docs/cve-2022-38178

Please note that some versions including BIND 9.13 and BIND 9.15 have reached End-Of-Life (EOL). No security updates will be provided. Users should arrange upgrading the BIND to the latest supported versions or migrating to other supported technology.

 

Affected Systems:

  • BIND 9.0.0 to 9.16.32
  • BIND 9.18.0 to 9.18.6
  • BIND 9.19.0 to 9.19.4
  • BIND 9.9.3-S1 to 9.11.37-S1
  • BIND 9.16.8-S1 to 9.16.32-S1

 

Impact:

Successful exploitation of the vulnerabilities could lead to denial of service or information disclosure on an affected system.

 

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9.16.33 (Current Stable)
  • BIND 9.18.7 (Current Stable)
  • BIND 9.19.5 (Development)
  • BIND 9.16.33-S1 (Supported Preview Edition)

The patches can be downloaded at the following URLs:
https://www.isc.org/download/

Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://kb.isc.org/docs/cve-2022-2795
  • https://kb.isc.org/docs/cve-2022-2881
  • https://kb.isc.org/docs/cve-2022-2906
  • https://kb.isc.org/docs/cve-2022-3080
  • https://kb.isc.org/docs/cve-2022-38177
  • https://kb.isc.org/docs/cve-2022-38178
  • https://downloads.isc.org/isc/bind9/9.16.33/doc/arm/html/notes.html
  • https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html
  • https://downloads.isc.org/isc/bind9/9.19.5/doc/arm/html/notes.html
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2881
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2906
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177 (to CVE CVE-2022-38178)


Tag: BIND , ISC
Tags