Alert GCSA-23119 - Vulnerabilita' in ISC BIND
Alert ID: GCSA-23119
Data: 22 settembre 2023
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato nuove versioni
del server DNS BIND.
Oltre alle correzioni dei bug e a miglioramenti delle funzionalita',
queste versioni risolvono anche due vulnerabilita' di sicurezza.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.16.43 -> 9.16.44
BIND 9.18.18 -> 9.18.19
BIND 9.19.16 -> 9.19.17
BIND Supported Preview Edition 9.16.43-S1 -> 9.16.44-S1
BIND Supported Preview Edition 9.18.18-S1 -> 9.18.19-S1
:: Impatto
Denial of Service (DoS)
:: Soluzioni
Aggiornare BIND alle ultime versioni
BIND 9.16.44
https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html
BIND 9.18.19
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html
BIND 9.19.17
https://downloads.isc.org/isc/bind9/9.19.17/doc/arm/html/notes.html
BIND Supported Preview Edition 9.16.44-S1
BIND Supported Preview Edition 9.18.19-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2023-4236
https://kb.isc.org/docs/cve-2023-3341
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
New BIND releases are available
https://lists.isc.org/pipermail/bind-announce/2023-September/001239.html
Ubuntu Security Notice
https://ubuntu.com/security/notices/USN-6390-1
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4236
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZQ1Pow0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCOzQAnRb0m/5AJrAmrcnxt7aK3eC+2iY8AJwOwOJ4tz3d
GjEsRUt419Jkw+oE5w==
=XVm7
-----END PGP SIGNATURE-----