Security Alert (A21-10-22): Vulnerability in ISC BIND

Description:

ISC has released a security update to fix a vulnerability in BIND.  The details of the security update can be found at:

This link will open in a new windowhttps://kb.isc.org/v1/docs/cve-2021-25219

Affected Systems:

• BIND 9.3.0 to 9.11.35
• BIND 9.12.0 to 9.16.21
• BIND 9.17.0 to 9.17.18
• BIND 9.9.3-S1 to 9.11.35-S1
• BIND 9.16.8-S1 to 9.16.21-S1

Impact:

Successful exploitation of the vulnerability could lead to denial of service on an affected system.

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

• BIND 9.11.36
• BIND 9.16.22
• BIND 9.17.19
• BIND 9.11.36-S1
• BIND 9.16.22-S1

The patches can be downloaded at the following URLs:

This link will open in a new windowhttps://www.isc.org/download

Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• This link will open in a new windowhttps://kb.isc.org/v1/docs/cve-2021-25219
• This link will open in a new windowhttps://downloads.isc.org/isc/bind9/9.11.36/RELEASE-NOTES-bind-9.11.36.html
• This link will open in a new windowhttps://downloads.isc.org/isc/bind9/9.16.22/doc/arm/html/notes.html
• This link will open in a new windowhttps://downloads.isc.org/isc/bind9/9.17.19/doc/arm/html/notes.html
• This link will open in a new windowhttps://www.hkcert.org/security-bulletin/isc-bind-denial-of-service-vulnerability_20211029
• This link will open in a new windowhttps://us-cert.cisa.gov/ncas/current-activity/2021/10/28/isc-releases-security-advisory-bind
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219