Bind security update [CVE-2011-2464]
Arieh
07-05-2011, 10:16 AM
http://www.isc.org/software/bind/advisories/cve-2011-2464
Today the ISC released information on a security issue in many versions of BIND9. If vulnerable, they can shut down your bind and possibly other things.
They suggest upgrading to: 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.
Related CVE (BIND 9.8 versions only):
http://www.isc.org/software/bind/advisories/cve-2011-2465
I'm on Debian, and the latest package is only 9.6-ESV-R4, so I've manually compiled it to 9.6-ESV-R4-P3.
I'm sure it will be patched eventually through all package systems.
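As an added example (not part of the original post), a small check that compares the version reported by named against the three fixed releases the advisory lists above. The FIXED_RELEASES constant, the function names and the branch/release/patch split are my own assumptions about how to read ISC's version scheme.

```python
import re

# Fixed releases named in the ISC advisory for CVE-2011-2464 (from the post above).
FIXED_RELEASES = ("9.6-ESV-R4-P3", "9.7.3-P3", "9.8.0-P4")

# Matches e.g. 9.5.1, 9.3.4-P1, 9.6-ESV-R4, 9.6-ESV-R4-P3, 9.7.3-P3, 9.8.0-P4
_VERSION_RE = re.compile(
    r"(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.(?P<micro>\d+)|-ESV(?:-R(?P<esv>\d+))?)"
    r"(?:-P(?P<patch>\d+))?"
)


def parse_bind_version(text):
    """Parse a BIND version string or 'named -v' output such as 'BIND 9.7.3-P3'.

    Returns (branch, release, patch): branch identifies the maintenance line,
    e.g. (9, 6, 'ESV') or (9, 7, ''); release orders builds inside it (the
    micro number, or the ESV R-number); patch is the -Pn level (0 if absent).
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("unrecognised BIND version: %r" % text)
    major, minor = int(m.group("major")), int(m.group("minor"))
    if m.group("micro") is not None:
        branch, release = (major, minor, ""), int(m.group("micro"))
    else:
        branch, release = (major, minor, "ESV"), int(m.group("esv") or 0)
    return branch, release, int(m.group("patch") or 0)


def cve_2011_2464_status(installed):
    """Return 'fixed', 'vulnerable' or 'not-covered' for an installed version.

    'not-covered' means the advisory lists no fixed release for that branch
    (9.5, 9.3, 9.2, ...), i.e. ISC no longer maintains it, so the advisory
    alone cannot tell you whether that build is safe.
    """
    branch, release, patch = parse_bind_version(installed)
    for fixed in FIXED_RELEASES:
        f_branch, f_release, f_patch = parse_bind_version(fixed)
        if f_branch == branch:
            return "fixed" if (release, patch) >= (f_release, f_patch) else "vulnerable"
    return "not-covered"
```

A version string cannot see distribution backports, so a vendor package that carries the fix under an old version number still shows up as 'vulnerable' here; for those, check the vendor's errata instead.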
Peter Laws
07-05-2011, 11:23 AM
I have BIND/named 9.5.1 on all servers, and all of them tell me it'll be "kept back":
The following packages have been kept back:
bind9 bind9-host bind9utils dnsutils
<shrugs>
Arieh
07-05-2011, 11:47 AM
Yeah, I believe it's being excluded somewhere; however, if you apt-get install bind9 it will install the latest package (but note that at the moment it isn't patched for this bug).
Here is the guide for FreeBSD:
http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc
proHSP
07-05-2011, 03:10 PM
On CentOS/RHEL 5 we have BIND 9.3.4-P1; it is not vulnerable, is it?
Angelokreikamp
07-05-2011, 09:18 PM
On CentOS/RHEL 5 we have BIND 9.3.4-P1; it is not vulnerable, is it?
I think I am using the same version on CentOS :S
propcgamer
07-05-2011, 11:38 PM
I'm sure it will be patched eventually through all package systems.
Considering CentOS 4.9 has bind-9.2.4, which has been deprecated since 2007, and CentOS 5.6 has 9.3.6-P1, also deprecated since 2009,
I wouldn't hold my breath :(
That means nothing... just because they don't change the major version doesn't mean they are not patched for vulnerabilities.
Arieh
07-06-2011, 07:36 AM
Can't tell if these versions are affected by this, or maybe by several other issues.
http://www.isc.org/software/bind/versions
So the versions mentioned by propcgamer have passed the EOL too, and it says
End of life: critical security fixes may be issued if recently EOL'd
Now these aren't recently EOL'd.
It also says
Deprecated: Do not use this version
So I wouldn't use these versions.
Same goes for @proHSP using 9.3.4-P1: it's deprecated and EOL'd. Unless you have a reliable source telling you it's safe to use, I wouldn't assume it is.
propcgamer
07-06-2011, 11:52 AM
That means nothing... just because they don't change the major version doesn't mean they are not patched for vulnerabilities.
True, but we will have to see what their turnaround time will actually be on this.
The last update for CentOS 5's version of BIND: http://lists.centos.org/pipermail/centos-announce/2010-December/017209.html
Correction: here's the last update available: https://rhn.redhat.com/errata/RHBA-2011-0032.html CentOS didn't make an announcement on their mailing list, even though it's on the mirrors.