Description:
ISC has released a security update to fix a vulnerability in BIND. This vulnerability only affects servers configured to use GSS-TSIG. The details of the security update can be found at:
https://kb.isc.org/v1/docs/cve-2021-25216
Affected Systems:
- BIND 9.5.0 to 9.11.29
- BIND 9.12.0 to 9.16.13
- BIND 9.11.3-S1 to 9.11.29-S1
- BIND 9.16.8-S1 to 9.16.13-S1
- BIND 9.17.0 to 9.17.1
Impact:
Successful exploitation of the vulnerability could lead to buffer overflow, system crash or potentially remote code execution on an affected system.
Recommendation:
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
- BIND 9.11.31
- BIND 9.16.15
- BIND 9.11.31-S1
- BIND 9.16.15-S1
The patches can be downloaded at the following URLs:
https://www.isc.org/download/
Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://kb.isc.org/v1/docs/cve-2021-25216
- https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.31.html
- https://downloads.isc.org/isc/bind9/9.16.15/RELEASE-NOTES-bind-9.16.15.html
- https://downloads.isc.org/isc/bind9/9.17.12/RELEASE-NOTES-bind-9.17.12.html
- https://www.hkcert.org/security-bulletin/isc-bind-multiple-vulnerabilities_20210429
- https://us-cert.cisa.gov/ncas/current-activity/2021/04/29/isc-releases-security-advisory-bind
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216