Alert GCSA-24025 - Vulnerabilita' in ISC BIND
******************************************************************
Alert ID: GCSA-24025
Data: 14 Febbraio 2024
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato degli aggiornamenti
che risolvono alcune vulnerabilita' presenti nel server DNS BIND.
Tali vulnerabilita' potrebbero essere sfruttate da un attaccante remoto
per provocare condizioni di Denial of Service.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.0.0 to 9.16.45
BIND 9.18.0 to 9.18.21
BIND 9.19.0 to 9.19.19
BIND Supported Preview Edition 9.9.3-S1 to 9.11.37-S1
BIND Supported Preview Edition 9.16.8-S1 to 9.16.45-S1
BIND Supported Preview Edition 9.18.11-S1 to 9.18.21-S1
(Le versioni precedenti alla 9.11.37 non sono state valutate.)
:: Impatto
Denial of Service (DoS)
:: Soluzioni
Aggiornare BIND alle ultime versioni:
BIND 9.16.48
BIND 9.18.24
BIND 9.19.21
BIND Supported Preview Edition 9.16.48-S1
BIND Supported Preview Edition 9.18.24-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2023-4408
https://kb.isc.org/docs/cve-2023-5517
https://kb.isc.org/docs/cve-2023-5679
https://kb.isc.org/docs/cve-2023-5680
https://kb.isc.org/docs/cve-2023-6516
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
Original Bulletin
https://lists.isc.org/pipermail/bind-announce/2024-February/
https://lists.isc.org/pipermail/bind-announce/2024-February/001246.html
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFlzJolwZxMk2USYEIRCKiRAJ0ZqS4IV92Xjb4e02SsU4+FsQYBMACeNgFV
/XEzAqcHQRuNJiVuLmvdsjk=
=ANGi
-----END PGP SIGNATURE-----
Alert ID: GCSA-24025
Data: 14 Febbraio 2024
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato degli aggiornamenti
che risolvono alcune vulnerabilita' presenti nel server DNS BIND.
Tali vulnerabilita' potrebbero essere sfruttate da un attaccante remoto
per provocare condizioni di Denial of Service.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
BIND 9.0.0 to 9.16.45
BIND 9.18.0 to 9.18.21
BIND 9.19.0 to 9.19.19
BIND Supported Preview Edition 9.9.3-S1 to 9.11.37-S1
BIND Supported Preview Edition 9.16.8-S1 to 9.16.45-S1
BIND Supported Preview Edition 9.18.11-S1 to 9.18.21-S1
(Le versioni precedenti alla 9.11.37 non sono state valutate.)
:: Impatto
Denial of Service (DoS)
:: Soluzioni
Aggiornare BIND alle ultime versioni:
BIND 9.16.48
BIND 9.18.24
BIND 9.19.21
BIND Supported Preview Edition 9.16.48-S1
BIND Supported Preview Edition 9.18.24-S1
https://www.isc.org/download/
:: Riferimenti
ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2023-4408
https://kb.isc.org/docs/cve-2023-5517
https://kb.isc.org/docs/cve-2023-5679
https://kb.isc.org/docs/cve-2023-5680
https://kb.isc.org/docs/cve-2023-6516
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913
Original Bulletin
https://lists.isc.org/pipermail/bind-announce/2024-February/
https://lists.isc.org/pipermail/bind-announce/2024-February/001246.html
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFlzJolwZxMk2USYEIRCKiRAJ0ZqS4IV92Xjb4e02SsU4+FsQYBMACeNgFV
/XEzAqcHQRuNJiVuLmvdsjk=
=ANGi
-----END PGP SIGNATURE-----