Alert GCSA-22109 - Vulnerabilita' in ISC BIND
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22109
Data: 22 settembre 2022
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato nuove versioni
del server DNS BIND.
Oltre a correggere alcuni bug e a migliorare delle funzionalita',
queste nuove versioni risolvono varie vulnerabilita' di sicurezza.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.0.0 -> 9.16.32
BIND 9.18.0 -> 9.18.6
BIND 9.19.0 -> 9.19.4
BIND Supported Preview Edition 9.9.3-S1 -> 9.11.37-S1
BIND Supported Preview Edition 9.16.8-S1 -> 9.16.32-S1
:: Impatto
Denial of Service (DoS)
Accesso a dati riservati (ID)
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.16.33
https://downloads.isc.org/isc/bind9/9.16.33/doc/arm/html/notes.html#notes-for-bind-9-16-33
BIND 9.18.7
https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7
BIND 9.19.5
https://downloads.isc.org/isc/bind9/9.19.5/doc/arm/html/notes.html#notes-for-bind-9-19-5
BIND Supported Preview Edition 9.16.33-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2022-2795
https://kb.isc.org/docs/cve-2022-2881
https://kb.isc.org/docs/cve-2022-2906
https://kb.isc.org/docs/cve-2022-3080
https://kb.isc.org/docs/cve-2022-38177
https://kb.isc.org/docs/cve-2022-38178
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
ISC Original Bulletin
https://lists.isc.org/pipermail/bind-announce/2022-September/001224.html
Ubuntu security notice
https://ubuntu.com/security/notices/USN-5626-1
https://ubuntu.com/security/notices/USN-5626-2
Mitre CVE
I riferimenti CVE sono disponibili nell'advisory originale.
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYywmHA0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCt38An1Z3oVpyqlDLG84OJINoUQ9kfnZVAKCQtZdulalm
pQMXejl8zg+xHsN3eA==
=XpUG
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22109
Data: 22 settembre 2022
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato nuove versioni
del server DNS BIND.
Oltre a correggere alcuni bug e a migliorare delle funzionalita',
queste nuove versioni risolvono varie vulnerabilita' di sicurezza.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.0.0 -> 9.16.32
BIND 9.18.0 -> 9.18.6
BIND 9.19.0 -> 9.19.4
BIND Supported Preview Edition 9.9.3-S1 -> 9.11.37-S1
BIND Supported Preview Edition 9.16.8-S1 -> 9.16.32-S1
:: Impatto
Denial of Service (DoS)
Accesso a dati riservati (ID)
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.16.33
https://downloads.isc.org/isc/bind9/9.16.33/doc/arm/html/notes.html#notes-for-bind-9-16-33
BIND 9.18.7
https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7
BIND 9.19.5
https://downloads.isc.org/isc/bind9/9.19.5/doc/arm/html/notes.html#notes-for-bind-9-19-5
BIND Supported Preview Edition 9.16.33-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2022-2795
https://kb.isc.org/docs/cve-2022-2881
https://kb.isc.org/docs/cve-2022-2906
https://kb.isc.org/docs/cve-2022-3080
https://kb.isc.org/docs/cve-2022-38177
https://kb.isc.org/docs/cve-2022-38178
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
ISC Original Bulletin
https://lists.isc.org/pipermail/bind-announce/2022-September/001224.html
Ubuntu security notice
https://ubuntu.com/security/notices/USN-5626-1
https://ubuntu.com/security/notices/USN-5626-2
Mitre CVE
I riferimenti CVE sono disponibili nell'advisory originale.
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYywmHA0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCt38An1Z3oVpyqlDLG84OJINoUQ9kfnZVAKCQtZdulalm
pQMXejl8zg+xHsN3eA==
=XpUG
-----END PGP SIGNATURE-----