Last Updated on September 5, 2019 by Dave Farquhar
A buffer overflow vulnerability exists in a large number of versions of BIND. CERT released an advisory over the weekend. I haven’t seen this on most news sites yet.
An updated Debian package that follows CERT’s recommendations is already available. A little apt-get update && apt-get upgrade will do you.
Check your Linux/BSD/Unix distribution. Since this isn’t on a lot of the news sites yet, a Usenet (Google Groups) search on your particular flavor along with CERT VA-2002-19 is probably your best bet for finding relevant information.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
Just be aware that this is an issue with the resolver libraries, not with the BIND server (named) itself.