Alert GCSA-21020 - Vulnerabilita' in ISC BIND
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21020
Data: 19 febbraio 2021
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
E' stata identificata una vulnerabilita' in ISC BIND che potrebbe
essere sfruttata da un attaccante remoto per provocare condizioni
di Denial of Service ed esecuzione di codice arbitrario in un sistema che ne sia affetto.
Maggiori informazioni sono disponibili nelle segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
BIND Versioni:
9.5.0 -> 9.11.27
9.12.0 -> 9.16.11
BIND Supported Preview Edition: 9.11.3-S1 -> 9.11.27-S1
BIND Supported Preview Edition: 9.16.8-S1 -> 9.16.11-S1
BIND 9.17 development branch: 9.17.0 -> 9.17.1
:: Impatto
Denial of Service
Remote Code Execution
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.11.28
BIND 9.16.12
BIND 9.11.28-S1
BIND 9.16.12-S1
http://www.isc.org/downloads
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/v1/docs/cve-2020-8625
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
AusCERT
https://www.auscert.org.au/bulletins/ESB-2021.0611
Original Bulletin
https://lists.isc.org/pipermail/bind-announce/2021-February/001176.html
https://lists.isc.org/pipermail/bind-announce/2021-February/001177.html
https://lists.isc.org/pipermail/bind-announce/2021-February/001178.html
https://lists.isc.org/pipermail/bind-announce/2021-February/001179.html
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFgL4jowZxMk2USYEIRAo1RAJ9K4qt32PV+SSkBxGIwQA74ZViVqgCffBrw
jlg2SZyFsGR+KjoiZZV5/+A=
=Druj
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21020
Data: 19 febbraio 2021
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
E' stata identificata una vulnerabilita' in ISC BIND che potrebbe
essere sfruttata da un attaccante remoto per provocare condizioni
di Denial of Service ed esecuzione di codice arbitrario in un sistema che ne sia affetto.
Maggiori informazioni sono disponibili nelle segnalazioni ufficiali
alla sezione "Riferimenti".
:: Software interessato
BIND Versioni:
9.5.0 -> 9.11.27
9.12.0 -> 9.16.11
BIND Supported Preview Edition: 9.11.3-S1 -> 9.11.27-S1
BIND Supported Preview Edition: 9.16.8-S1 -> 9.16.11-S1
BIND 9.17 development branch: 9.17.0 -> 9.17.1
:: Impatto
Denial of Service
Remote Code Execution
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.11.28
BIND 9.16.12
BIND 9.11.28-S1
BIND 9.16.12-S1
http://www.isc.org/downloads
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/v1/docs/cve-2020-8625
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
AusCERT
https://www.auscert.org.au/bulletins/ESB-2021.0611
Original Bulletin
https://lists.isc.org/pipermail/bind-announce/2021-February/001176.html
https://lists.isc.org/pipermail/bind-announce/2021-February/001177.html
https://lists.isc.org/pipermail/bind-announce/2021-February/001178.html
https://lists.isc.org/pipermail/bind-announce/2021-February/001179.html
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFgL4jowZxMk2USYEIRAo1RAJ9K4qt32PV+SSkBxGIwQA74ZViVqgCffBrw
jlg2SZyFsGR+KjoiZZV5/+A=
=Druj
-----END PGP SIGNATURE-----