On July 26th a 0-day DNS vulnerability has been reported:CVE-2013-4854.
Fixed packages have been released by major Linux OS vendors:
RedHat released updated packages, RHEL5, RHEL6:
Fixed in security branch of Debian:
Ubuntu released packages as well: http://www.ubuntu.com/usn/usn-1910-1/.
So major Linux OS vendors responded with fixed packages.To fix the issue, please update bind packages using OS vendor repositories.
Bind supplied with Plesk 11.5, 11.0, 10.4 for Windows will be patched in the nearest update.
For Plesk for Windows, you can update Bind as below:
Download Bind distributive from: http://www.isc.org/downloads/.
Extract content of proposed .zip archive to
- Install vcredist_x86.exe which is included in Bind distributive. Just launch it and install on the server.