The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

Affected products and versions:

DHCP - 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6.  Older versions may also be affected but are well beyond their end-of-life (EOL).  Releases prior to 4.1.0 have not been tested.

BIND - 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1

CERT Bulgaria recommends users and administrators to review ISC Knowledge Base Articles AA-01541 and AA-01542 and apply the necessary updates or workarounds.

https://kb.isc.org/article/AA-01541

https://kb.isc.org/article/AA-01542

https://www.isc.org/downloads/bind/