Skip to main content

ISC Releases Security Advisory for BIND

Update for the Berkeley Internet Name Domain system

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Update for the Berkeley Internet Name Domain system


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

The Internet Systems Consortium (ISC) has released a security update that addresses a denial-of-service (DoS) vulnerability in versions of ISC BIND. 

If a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early, the named daemon may terminate with an assertion failure. A remote attacker could exploit this vulnerability to cause a DoS condition.


Remediation advice

Affected organisations are encouraged to review the ISC security advisory CVE-2022-1183: Destroying a TLS session early causes assertion failure and apply the necessary update.


Definitive source of threat updates


Last edited: 20 May 2022 1:30 pm