MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2017

MA-671.072017: MyCERT Advisory – ISC Releases Security Updates 

Date first published: 01/7/2017

1.0 Introduction
The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01503 and AA-01504 and apply the necessary updates. 

2.0 Impact
Exploitation of this vulnerability may allow an attacker to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.

3.0 Affected Products
The affected products of Bind is as listed below:
 Bind 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2

4.0 Recommendations

4.1 Upgrade to the patched release most closely related to your current version of BIND.
 BIND 9 versions 9.9.10-P2

 BIND 9 version 9.10.5-P2

 BIND 9 version 9.11.1-P2

 BIND 9 version 9.9.10-S3 and 9.10.5-S3
    BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.

Note: For current information, on which versions are actively supported, please see

4.2 For more information, please refer ISC Knowledge Base Articles AA-01503 and AA-01504

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)

Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)


Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT

Cyber999 Mobile Apps: IOS Users or Android Users

5.0 References