Alert GCSA-23012 - Vulnerabilita' in ISC BIND
******************************************************************
Alert ID: GCSA-23012
Data: 27 gennaio 2023
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato nuove versioni
del server DNS BIND.
Oltre a correggere alcuni bug e a migliorare delle funzionalita',
queste nuove versioni risolvono varie vulnerabilita' di sicurezza.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.16.0 -> 9.16.36
BIND 9.18.0 -> 9.18.10
BIND 9.19.0 -> 9.19.8
BIND Supported Preview Edition 9.16.8-S1 -> 9.16.36-S1
:: Impatto
Denial of Service (DoS)
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.16.37
https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html
BIND 9.18.11
https://downloads.isc.org/isc/bind9/9.18.11/doc/arm/html/notes.html
BIND 9.19.9
https://downloads.isc.org/isc/bind9/9.19.9/doc/arm/html/notes.html
BIND Supported Preview Edition 9.16.37-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2022-3094
https://kb.isc.org/docs/cve-2022-3488
https://kb.isc.org/docs/cve-2022-3736
https://kb.isc.org/docs/cve-2022-3924
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
New BIND releases are available
https://lists.isc.org/pipermail/bind-announce/2023-January/001229.html
Debian
https://www.debian.org/security/2023/dsa-5329
https://www.debian.org/security/index.it.html
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2022-3924
https://www.cve.org/CVERecord?id=CVE-2022-3736
https://www.cve.org/CVERecord?id=CVE-2022-3488
https://www.cve.org/CVERecord?id=CVE-2022-3094
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCY9O4aA0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCHC8AoKVVHZIAl3OeXcZ7aXGGe1UEO7woAKCnNYclCotq
QQzsPucTTzOWYl/I+w==
=FVgr
-----END PGP SIGNATURE-----
Alert ID: GCSA-23012
Data: 27 gennaio 2023
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato nuove versioni
del server DNS BIND.
Oltre a correggere alcuni bug e a migliorare delle funzionalita',
queste nuove versioni risolvono varie vulnerabilita' di sicurezza.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.16.0 -> 9.16.36
BIND 9.18.0 -> 9.18.10
BIND 9.19.0 -> 9.19.8
BIND Supported Preview Edition 9.16.8-S1 -> 9.16.36-S1
:: Impatto
Denial of Service (DoS)
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.16.37
https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html
BIND 9.18.11
https://downloads.isc.org/isc/bind9/9.18.11/doc/arm/html/notes.html
BIND 9.19.9
https://downloads.isc.org/isc/bind9/9.19.9/doc/arm/html/notes.html
BIND Supported Preview Edition 9.16.37-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2022-3094
https://kb.isc.org/docs/cve-2022-3488
https://kb.isc.org/docs/cve-2022-3736
https://kb.isc.org/docs/cve-2022-3924
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
New BIND releases are available
https://lists.isc.org/pipermail/bind-announce/2023-January/001229.html
Debian
https://www.debian.org/security/2023/dsa-5329
https://www.debian.org/security/index.it.html
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2022-3924
https://www.cve.org/CVERecord?id=CVE-2022-3736
https://www.cve.org/CVERecord?id=CVE-2022-3488
https://www.cve.org/CVERecord?id=CVE-2022-3094
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCY9O4aA0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCHC8AoKVVHZIAl3OeXcZ7aXGGe1UEO7woAKCnNYclCotq
QQzsPucTTzOWYl/I+w==
=FVgr
-----END PGP SIGNATURE-----