Last Updated on September 5, 2019 by Dave Farquhar
A buffer overflow vulnerability exists in a large number of versions of BIND. CERT released an advisory over the weekend. I haven’t seen this on most news sites yet.
An updated Debian package that follows CERT’s recommendations is already available. A little apt-get update && apt-get upgrade will do you.
Check your Linux/BSD/Unix distribution. Since this isn’t on a lot of the news sites yet, a Usenet (Google Groups) search on your particular flavor along with CERT VA-2002-19 is probably your best bet for finding relevant information.
Just be aware that this is an issue with the resolver libraries, not with the BIND server (named) itself.