New BIND releases are available: 9.11.31, 9.16.15, and 9.17.12

Our April maintenance releases of BIND are available and can be downloaded from the ISC software download page, https://www.isc.org/download In addition to bug fixes and feature improvements, these releases also contain fixes for several security vulnerabilities, CVE-2021-25214, CVE-2021-25215,

CVE-2021-25215: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

CVE: CVE-2021-25215 Document version:2.0 Posting date:28 April 2021 Program impacted:BIND Versions affected: BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1

CVE-2021-25216: A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack

CVE: CVE-2021-25216 Document version:2.0 Posting date:28 April 2021 Program impacted:BIND Versions affected: BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1

CVE-2021-25214: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly

CVE: CVE-2021-25214 Document version:2.0 Posting date:28 April 2021 Program impacted:BIND Versions affected: BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->