Alert GCSA-25012 - Vulnerabilities in ISC BIND


******************************************************************

Alert ID: GCSA-25012
Date: 30 January 2025
Title: Vulnerabilities in ISC BIND

******************************************************************

:: Description of the problem

The Internet Systems Consortium (ISC) has released new versions of the BIND DNS server.
These versions fix two high-severity security vulnerabilities (CVSS score 7.5).

More information is available in the "References" section.


:: Affected software

BIND versions 9.11.0 through 9.11.37
BIND versions 9.16.0 through 9.16.50
BIND versions 9.18.0 through 9.18.32
BIND versions 9.20.0 through 9.20.4
BIND versions 9.21.0 through 9.21.3


:: Impact

Denial of Service (DoS)


:: Solutions

Update BIND to the latest versions

BIND 9.18.33
https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-33

BIND 9.20.5
https://downloads.isc.org/isc/bind9/9.20.5/doc/arm/html/notes.html#notes-for-bind-9-20-5

BIND 9.21.4
https://downloads.isc.org/isc/bind9/9.21.4/doc/arm/html/notes.html#notes-for-bind-9-21-4

https://www.isc.org/download/
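
The following is an added example, not part of the original alert or of ISC's tooling: a small Python check that takes a version string (for instance the output of `named -v`), compares it with the affected ranges listed in this alert and returns the fixed release the alert names for that branch. The function names and the sample strings are assumptions made for illustration.

```python
import re

# Ranges and fixed releases exactly as listed in this alert (GCSA-25012).
# The alert names no fixed release for the 9.11 and 9.16 branches, hence None.
AFFECTED = [
    ((9, 11, 0), (9, 11, 37), None),
    ((9, 16, 0), (9, 16, 50), None),
    ((9, 18, 0), (9, 18, 32), "9.18.33"),
    ((9, 20, 0), (9, 20, 4), "9.20.5"),
    ((9, 21, 0), (9, 21, 3), "9.21.4"),
]


def parse_version(text):
    """Return the upstream (major, minor, patch) triple found in a version string.

    Packaging epochs ("1:") and suffixes ("-S1", "-0ubuntu0...") are ignored.
    """
    match = re.search(r"\b(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no BIND version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(text):
    """Return (status, fixed_release) for one version string.

    status is "affected" when the version falls in a range from the alert,
    otherwise "not-listed". fixed_release is None when the alert gives none.
    Caveat: distribution packages can carry backported fixes under an unchanged
    upstream version, so confirm "affected" package results against the vendor
    notices in the alert's references.
    """
    version = parse_version(text)
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return "affected", fixed
    return "not-listed", None


# Constructed sample strings in the style of `named -v` and package versions.
SAMPLES = [
    "BIND 9.18.28-0ubuntu0.22.04.1-Ubuntu (Extended Support Version)",
    "BIND 9.20.5 (Stable Release)",
    "1:9.16.50-1~deb11u2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status, fixed = assess(sample)
        print(f"{sample!r}: {status}, fixed release: {fixed or 'none listed'}")
```
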


:: References

ISC BIND Security Advisory
https://kb.isc.org/docs/cve-2024-12705
https://kb.isc.org/docs/cve-2024-11187

BIND 9 Security Vulnerability Matrix
https://kb.isc.org/docs/aa-00913

New BIND releases are available
https://lists.isc.org/pipermail/bind-announce/2025-January/001268.html

Debian security announce
https://lists.debian.org/debian-security-announce/2025/msg00016.html
https://security-tracker.debian.org/tracker/DSA-5854-1

Ubuntu Security Notice
https://ubuntu.com/security/notices/USN-7241-1

Slackware Security Advisories
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.353626

Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2024-12705
https://www.cve.org/CVERecord?id=CVE-2024-11187


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert