- Plesk Onyx for Linux
- Plesk Onyx for Windows
Vulnerability CVE-2018-5743 in BIND DNS Server has been discovered on 24th of April, 2019.
Due to the vulnerability, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files.
In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.
Vulnerability affects the following operating system if BIND is used as DNS server:
- Debian 8
- Debian 9
- Ubuntu 16.04
- Ubuntu 18.04
- CentOS 6
- CentOS 7
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Cloud Linux 6
- Cloud Linux 7
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
Call to Action
NOTE: Plesk on Linux uses BIND installed from operating system repositories. Due to this fix should be provided and applied on OS vendor side.
Ubuntu 18.04, Ubuntu 16.04
According to Ubuntu security tracker, the vulnerability has been fixed in:
- BIND9 1:9.10.3.dfsg.P4-8ubuntu1.14 (Ubuntu 16.04);
- BIND9 1:9.11.3+dfsg-1ubuntu1.7 (Ubuntu 18.04).
To resolve the issue:
Login server via SSH;
Run the following command to update package:
# apt-get update && apt-get install --only-upgrade bind9
There is no official patch for BIND on other operating systems.
Check the following OS vendor bug trackers to be notified when package update is available:
There is no workaround at the moment.
Subscribe to that article by clicking "Follow" in the upper right corner to be notified about the update containing vulnerability patch.