List: oss-security
Subject: [oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2022-3094, CVE-2022-3736, CVE-
From: Michał Kępień <michal () isc ! org>
Date: 2023-01-25 17:05:43
Message-ID: Y9FhZ0vKzTx4WTCH () larwa ! hq ! kempniu ! pl
On 25 January 2023 we (Internet Systems Consortium) disclosed three vulnerabilities affecting our BIND 9 software:

- CVE-2022-3094: An UPDATE message flood may cause named to exhaust all available memory https://kb.isc.org/docs/cve-2022-3094
- CVE-2022-3736: named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries https://kb.isc.org/docs/cve-2022-3736
- CVE-2022-3924: named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota https://kb.isc.org/docs/cve-2022-3924

New versions of BIND 9 are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of each published release directory:

- https://downloads.isc.org/isc/bind9/9.16.37/patches/
- https://downloads.isc.org/isc/bind9/9.18.11/patches/
- https://downloads.isc.org/isc/bind9/9.19.9/patches/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.

--
Best regards,
Michał Kępień