Internet System Consortium releases BIND Patches

The Internet System Consortium has released updates for BIND to address multiple vulnerabilities. CVE-2011-2464 affects the following versions: 9.6.3; 9.6-ESV-R4 and later; 9.7.0 and later; 9.7.1 and later; 9.7.2 and later; 9.7.3 and later; 9.7.4b1; 9.8.0 and later; and 9.8.1b1. CVE-2011-2465 affects the following versions: 9.8.0 and later, and 9.8.1b1. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. Additional information regarding these vulnerabilities can be found in US-CERT Vulnerability Notes VU#142646 and VU#137968.

US-CERT encourages users and administrators to review CVE-2011-2464 and CVE-2011-2465 and apply the respective patches to help mitigate the risks. Since BIND is often packaged in larger third-party applications or operating system distributions, users and administrators should check with their software vendors for updated versions.