Alert GCSA-18006 - Vulnerabilita' in ISC BIND
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18006
Data: 19 gennaio 2018
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato
delle nuove versioni del server DNS BIND
che risolvono una vulnerabilita' grave.
Maggiori informazioni sono disponibili nella segnalazione ufficiale
alla sezione "Riferimenti".
:: Software interessato
BIND versioni
9.0.0 to 9.8.x
9.9.0 to 9.9.11
9.10.0 to 9.10.6
9.11.0 to 9.11.2
9.9.3-S1 to 9.9.11-S1
9.10.5-S1 to 9.10.6-S1
9.12.0a1 to 9.12.0rc1
:: Impatto
Denial of Service
:: Soluzioni
Aggiornare BIND alle seguenti versioni
BIND 9 version 9.9.11-P1
BIND 9 version 9.10.6-P1
BIND 9 version 9.11.2-P1
BIND 9 version 9.12.0rc2
BIND 9 version 9.9.11-S2
BIND 9 version 9.10.6-S2
http://www.isc.org/downloads
:: Riferimenti
ISC BIND Advisory
https://kb.isc.org/article/AA-01542
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
Release Notes for BIND Version 9.10.6-P1
https://ftp.isc.org/isc/bind9/9.10.6-P1/RELEASE-NOTES-bind-9.10.6-P1.html
Mitre's CVE ID
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145
CERT Nazionale Italia
https://www.certnazionale.it/bollettini/2018/01/18/vulnerabilita-di-tipo-dos-in-isc-bind/
Debian Security Advisory
https://www.debian.org/security/2018/dsa-4089
Slackware Security Advisories
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.552055
Ubuntu Security Notice
https://www.ubuntu.com/usn/usn-3535-1/
https://www.ubuntu.com/usn/usn-3535-2/
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFaYiK9wZxMk2USYEIRAp8/AJ4lAX78ng+1IrPyG5fAPaBgDtiV5ACgrKNw
qvCNgl9jcP9j5RTf2JkRJHg=
=Shlo
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18006
Data: 19 gennaio 2018
Titolo: Vulnerabilita' in ISC BIND
******************************************************************
:: Descrizione del problema
L'Internet Systems Consortium (ISC) ha rilasciato
delle nuove versioni del server DNS BIND
che risolvono una vulnerabilita' grave.
Maggiori informazioni sono disponibili nella segnalazione ufficiale
alla sezione "Riferimenti".
:: Software interessato
BIND versioni
9.0.0 to 9.8.x
9.9.0 to 9.9.11
9.10.0 to 9.10.6
9.11.0 to 9.11.2
9.9.3-S1 to 9.9.11-S1
9.10.5-S1 to 9.10.6-S1
9.12.0a1 to 9.12.0rc1
:: Impatto
Denial of Service
:: Soluzioni
Aggiornare BIND alle seguenti versioni
BIND 9 version 9.9.11-P1
BIND 9 version 9.10.6-P1
BIND 9 version 9.11.2-P1
BIND 9 version 9.12.0rc2
BIND 9 version 9.9.11-S2
BIND 9 version 9.10.6-S2
http://www.isc.org/downloads
:: Riferimenti
ISC BIND Advisory
https://kb.isc.org/article/AA-01542
BIND 9 Security Vulnerability Matrix
https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
Release Notes for BIND Version 9.10.6-P1
https://ftp.isc.org/isc/bind9/9.10.6-P1/RELEASE-NOTES-bind-9.10.6-P1.html
Mitre's CVE ID
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145
CERT Nazionale Italia
https://www.certnazionale.it/bollettini/2018/01/18/vulnerabilita-di-tipo-dos-in-isc-bind/
Debian Security Advisory
https://www.debian.org/security/2018/dsa-4089
Slackware Security Advisories
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.552055
Ubuntu Security Notice
https://www.ubuntu.com/usn/usn-3535-1/
https://www.ubuntu.com/usn/usn-3535-2/
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFaYiK9wZxMk2USYEIRAp8/AJ4lAX78ng+1IrPyG5fAPaBgDtiV5ACgrKNw
qvCNgl9jcP9j5RTf2JkRJHg=
=Shlo
-----END PGP SIGNATURE-----