[manjaro-security] [ASA-201805-20] bind: denial of service
Jelle van der Waa
jelle at archlinux.org
Thu May 24 20:48:25 CEST 2018
Arch Linux Security Advisory ASA-201805-20
Date : 2018-05-20
CVE-ID : CVE-2018-5736 CVE-2018-5737
Package : bind
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-706
The package bind before version 9.12.1.P2-1 is vulnerable to denial of
Upgrade to 9.12.1.P2-1.
# pacman -Syu "bind>=9.12.1.P2-1"
The problems have been fixed upstream in version 9.12.1.P2.
For servers which must receive notifies to keep slave zone contents
current, no complete workarounds are known although restricting BIND to
only accept NOTIFY messages from authorised sources can greatly
mitigate the risk of attack.
Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of
this vulnerability (but will effectively disable the serve-stale
- CVE-2018-5736 (denial of service)
An error in zone database reference counting can lead to an assertion
failure if a server which is running an affected version of BIND
attempts several transfers of a slave zone in quick succession.
- CVE-2018-5737 (denial of service)
A problem with the implementation of the new serve-stale feature in
BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-
answer-enable is off.
A remote attacker is able to cause a denial of service via crafted
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: not available
More information about the manjaro-security