<div dir="ltr">On March 16 2022, we (Internet Systems Consortium) disclosed four<br>
vulnerabilities affecting our BIND 9 software:<br>
<br>
   CVE-2021-25220: DNS forwarders - cache poisoning vulnerability<br>
   <a href="https://kb.isc.org/docs/CVE-2021-25220" rel="noreferrer" target="_blank">https://kb.isc.org/docs/CVE-2021-25220</a><br>
<br>
   CVE-2022-0396: DoS from specifically crafted TCP packets<br>
   <a href="https://kb.isc.org/docs/cve-2022-0396" rel="noreferrer" target="_blank">https://kb.isc.org/docs/cve-2022-0396</a><br>
<br>
   CVE-2022-0635: DNAME insist with synth-from-dnssec enabled<br>
   <a href="https://kb.isc.org/docs/cve-2022-0635" rel="noreferrer" target="_blank">https://kb.isc.org/docs/cve-2022-0635</a><br>
<br>
   CVE-2022-0667: Assertion failure on delayed DS lookup<br>
   <a href="https://kb.isc.org/docs/cve-2022-0667" rel="noreferrer" target="_blank">https://kb.isc.org/docs/cve-2022-0667</a><br>
<br>
New versions of BIND are available from <a href="https://www.isc.org/downloads" rel="noreferrer" target="_blank">https://www.isc.org/downloads</a><br>
<br>
Operators and package maintainers who prefer to apply patches<br>
selectively can find individual vulnerability-specific patches in the<br>
"patches" subdirectory of the release directories for our three stable<br>
release branches (9.11, 9.16 and 9.18):<br>
<br>
   <a href="https://downloads.isc.org/isc/bind9/9.11.37/patches/" rel="noreferrer" target="_blank">https://downloads.isc.org/isc/bind9/9.11.37/patches/</a><br>
   <a href="https://downloads.isc.org/isc/bind9/9.16.27/patches/" rel="noreferrer" target="_blank">https://downloads.isc.org/isc/bind9/9.16.27/patches/</a><br>
   <a href="https://downloads.isc.org/isc/bind9/9.18.1/patches/" rel="noreferrer" target="_blank">https://downloads.isc.org/isc/bind9/9.18.1/patches/</a><br>
<br>
With the public announcement of these vulnerabilities, the embargo<br>
period is ended and any updated software packages that have been<br>
prepared may be released.<font color="#888888"><br>
-- <br>
Everett B. Fulton<br>
ISC Support</font><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>===</div><div>Computer Security Incident Response Team - CSIRT</div><div>Universidade Estadual de Campinas - Unicamp</div><div>Centro de Computacao - CCUEC</div><div>GnuPG Public Key: <a href="http://www.security.unicamp.br/security.asc" target="_blank">http://www.security.unicamp.br/security.asc</a></div><div>Contact: +55 19 3521-2289 or INOC-DBA: 1251*830</div></div></div></div></div>