Multiple vulnerabilities were found in ISC BIND software. A remote attacker may bypass the validity checks to replace data in the mirror zone or send specially crafted queries to cause BIND to exit.
Successful exploitation could lead to spoofing, security restriction bypass or denial of service on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://kb.isc.org/docs/cve-2019-6475
https://kb.isc.org/docs/cve-2019-6476
https://www.hkcert.org/my_url/en/alert/19101801
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6476