Alert GCSA-23078 - Vulnerabilita' in ISC BIND
******************************************************************
Alert ID: GCSA-23078
Data: 23 giugno 2023
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato nuove versioni
del server DNS BIND, con le quali vengono risolte tre vulnerabilita'
di sicurezza.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.16.33 -> 9.16.41
BIND 9.18.7 -> 9.18.15
BIND 9.19.0 -> 9.19.13
BIND Supported Preview Edition 9.11.3-S1 -> 9.16.41-S1
BIND Supported Preview Edition 9.18.11-S1 -> 9.18.15-S1
:: Impatto
Denial of Service (DoS)
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.16.42
https://downloads.isc.org/isc/bind9/9.16.42/doc/arm/html/notes.html
BIND 9.18.16
https://downloads.isc.org/isc/bind9/9.18.16/doc/arm/html/notes.html
BIND 9.19.14
https://downloads.isc.org/isc/bind9/9.19.14/doc/arm/html/notes.html
BIND Supported Preview Edition 9.16.42-S1
BIND Supported Preview Edition 9.18.16-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2023-2828
https://kb.isc.org/docs/cve-2023-2829
https://kb.isc.org/docs/cve-2023-2911
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
New BIND releases are available
https://lists.isc.org/pipermail/bind-announce/2023-June/001235.html
Ubuntu Security Notice
https://ubuntu.com/security/notices/USN-6183-1
Slackware Security Advisories
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.352294
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2023-2828
https://www.cve.org/CVERecord?id=CVE-2023-2829
https://www.cve.org/CVERecord?id=CVE-2023-2911
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZJVVXQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCLiIAn3BDlkaZXJvT7VDJhudEcWrFNKSFAJ9cxiHBe86+
J3ktA2jSIYdWpJ/vDw==
=s4EJ
-----END PGP SIGNATURE-----
Alert ID: GCSA-23078
Data: 23 giugno 2023
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato nuove versioni
del server DNS BIND, con le quali vengono risolte tre vulnerabilita'
di sicurezza.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.16.33 -> 9.16.41
BIND 9.18.7 -> 9.18.15
BIND 9.19.0 -> 9.19.13
BIND Supported Preview Edition 9.11.3-S1 -> 9.16.41-S1
BIND Supported Preview Edition 9.18.11-S1 -> 9.18.15-S1
:: Impatto
Denial of Service (DoS)
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.16.42
https://downloads.isc.org/isc/bind9/9.16.42/doc/arm/html/notes.html
BIND 9.18.16
https://downloads.isc.org/isc/bind9/9.18.16/doc/arm/html/notes.html
BIND 9.19.14
https://downloads.isc.org/isc/bind9/9.19.14/doc/arm/html/notes.html
BIND Supported Preview Edition 9.16.42-S1
BIND Supported Preview Edition 9.18.16-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2023-2828
https://kb.isc.org/docs/cve-2023-2829
https://kb.isc.org/docs/cve-2023-2911
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
New BIND releases are available
https://lists.isc.org/pipermail/bind-announce/2023-June/001235.html
Ubuntu Security Notice
https://ubuntu.com/security/notices/USN-6183-1
Slackware Security Advisories
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.352294
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2023-2828
https://www.cve.org/CVERecord?id=CVE-2023-2829
https://www.cve.org/CVERecord?id=CVE-2023-2911
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZJVVXQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCLiIAn3BDlkaZXJvT7VDJhudEcWrFNKSFAJ9cxiHBe86+
J3ktA2jSIYdWpJ/vDw==
=s4EJ
-----END PGP SIGNATURE-----