Date: 03/04/2011 | Security Notices
BIND has announced a vulnerability that can result in a denial of service (server crash) caused by receipt of a specific remote dynamic update message.
Please be aware that this vulnerability will affect all servers that have BIND 9.7.1 or 9.7.2 installed. Parallels Plesk Panel 9.5 for windows and Parallels Plesk Panel 10 for windows ships with this version of bind and these servers should be upgraded to BIND 9.7.3 immediately.
When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur. This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition.
How to upgrade BIND on Plesk Windows: http://kb.parallels.com/5542
Parallels will be providing upgraded versions as a patch and then again in the next major release.
Please remember to review all of your deployment policies as they relate to all servers with these versions of BIND.
This notification is made pursuant to our development policy of notifying users when critical security issues arise and making fixes available as soon as possible. Please ensure that this patch has already been applied as soon as possible.