MyCERT Advisories, Alerts and Summaries for the year 2017
MA-671.072017: MyCERT Advisory – ISC Releases Security Updates
Date first published: 01/7/2017
The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01503 and AA-01504 and apply the necessary updates.
Exploitation of this vulnerability may allow an attacker to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.
3.0 Affected Products
The affected products of Bind is as listed below:
• Bind 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2
4.1 Upgrade to the patched release most closely related to your current version of BIND.
• BIND 9 versions 9.9.10-P2
• BIND 9 version 9.10.5-P2
• BIND 9 version 9.11.1-P2
• BIND 9 version 9.9.10-S3 and 9.10.5-S3
BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.
Note: For current information, on which versions are actively supported, please see http://www.isc.org/downloads/
4.2 For more information, please refer ISC Knowledge Base Articles AA-01503 and AA-01504
Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT