ISC Releases Security Advisories for Multiple Versions of BIND 9
Update for the Berkeley Internet Name Domain system
Summary
Update for the Berkeley Internet Name Domain system
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
The Internet Systems Consortium (ISC) has released security updates that address four High and two Medium vulnerabilities in multiple versions of ISC Berkeley Internet Name Domain (BIND). An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Remediation advice
Affected organisations are encouraged to review the ISC security advisories and apply the necessary updates or workarounds.
Remediation steps
| Type | Step |
|---|---|
| Patch | CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code https://kb.isc.org/v1/docs/cve-2022-38178 |
| Patch | CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code https://kb.isc.org/v1/docs/cve-2022-38177 |
| Patch | CVE-2022-3080: BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly https://kb.isc.org/v1/docs/cve-2022-3080 |
| Patch | CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only) https://kb.isc.org/v1/docs/cve-2022-2906 |
| Patch | CVE-2022-2795: Processing large delegations may severely degrade resolver performance https://kb.isc.org/v1/docs/cve-2022-2795 |
| Patch | CVE-2022-2881: Buffer overread in statistics channel code https://kb.isc.org/v1/docs/cve-2022-2881 |
Definitive source of threat updates
Last edited: 23 September 2022 12:18 pm