Serious BIND 9 Vulnerabilities Patched

By

The ISC advises upgrading now.

The Internet Systems Consortium (ISC) has released updates to address two serious vulnerabilities in the widely deployed BIND DNS server, reports Dennis Fisher.

“The first vulnerability (CVE-2023-3341) is in the portion of BIND that processes control channel messages. In some cases, that code can exhaust all of the available stack memory, which would force named to exit,” says Fisher. The second flaw (CVE-2023-4236) relates to code that handles DNS-over-TLS requests.

See details at Decipher.
 
 

 
 

10/02/2023
comments powered by Disqus