Issue created Mar 27, 2019 by Alicha CH (@alicha, Reporter)

[3.6] bind: Multiple vulnerabilities (CVE-2018-5744, CVE-2018-5745, CVE-2019-6465)

CVE-2018-5744: A specially crafted packet can cause named to leak memory

A flaw was found in BIND. A failure to free memory can occur when processing messages having a specific combination of EDNS options,
causing named’s memory use to grow without bounds until all memory is exhausted.

Versions affected:

BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1

Reference:

https://kb.isc.org/docs/cve-2018-5744

CVE-2018-5745: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

A flaw was found in BIND. Due to an error in the managed-keys feature, it is possible for a BIND server which
uses managed-keys to exit due to an assertion failure, causing denial of service.

Versions affected:

BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1

Fixed In Version:

bind 9.11.5-P4, bind 9.12.3-P4

Reference:

https://kb.isc.org/docs/cve-2018-5745

CVE-2019-6465: Zone transfer controls for writable DLZ zones were not effective

A flaw was found in BIND. Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable.
A client exercising this defect can request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL.

Versions affected:

BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2

Fixed In Version:

bind 9.11.5-P4, bind 9.12.3-P4

Reference:

https://kb.isc.org/docs/cve-2019-6465

(from redmine: issue id 10169, created on 2019-03-27, closed on 2019-04-15)

  • Relations:
    • parent #10164 (closed)
  • Changesets:
    • Revision d6ab6c12 by Chris Ely on 2019-04-12T06:10:45Z:
main/bind: security upgrade to 9.11.5_p4

https://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html

- CVE-2019-6465
- CVE-2018-5745
- CVE-2018-5744
- CVE-2018-5740
- CVE-2018-5738

Fixes #10169

With the release of BIND 9.11.0, ISC changed the open source license
for BIND from the ISC license to the Mozilla Public License (MPL 2.0).

BIND 9.11 (Extended Support Version) will be supported until at least
December, 2021.
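
An added example, not part of the original issue or the aports tree: a triage helper that checks a BIND version string against the "Versions affected" ranges quoted in this issue. It assumes each range is an inclusive interval, that a version is either upstream style (`9.11.5-P1`) or Alpine package style (`9.11.5_p4`, optionally with a `-rN` suffix), and the function names are hypothetical.

```python
import re

# Inclusive affected ranges, copied from the issue text above.
AFFECTED = {
    "CVE-2018-5744": [("9.10.7", "9.10.8-P1"), ("9.11.3", "9.11.5-P1"),
                      ("9.12.0", "9.12.3-P1")],
    "CVE-2018-5745": [("9.9.0", "9.10.8-P1"), ("9.11.0", "9.11.5-P1"),
                      ("9.12.0", "9.12.3-P1")],
    "CVE-2019-6465": [("9.9.0", "9.10.8-P1"), ("9.11.0", "9.11.5-P2"),
                      ("9.12.0", "9.12.3-P2")],
}

# major.minor.patch, optional patch level ("-P4" upstream, "_p4" Alpine),
# optional Alpine package release ("-r0"), which does not change the BIND code.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-_][Pp](\d+))?(?:-r\d+)?$")


def parse_version(text):
    """Return (major, minor, patch, patch_level) as an orderable tuple."""
    match = _VERSION.match(text.strip())
    if match is None:
        # Pre-releases and other suffixes are refused rather than guessed at,
        # so an unknown build is never silently reported as unaffected.
        raise ValueError("unsupported BIND version format: %r" % text)
    major, minor, patch, level = match.groups()
    return (int(major), int(minor), int(patch), int(level or 0))


def affected_cves(version):
    """List the CVEs from this issue whose affected range contains version."""
    parsed = parse_version(version)
    hits = []
    for cve, ranges in AFFECTED.items():
        if any(parse_version(lo) <= parsed <= parse_version(hi)
               for lo, hi in ranges):
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample inputs: the fixed Alpine package version named in the
    # changeset, and two versions inside the affected ranges.
    for sample in ("9.11.5_p4", "9.11.5-P2", "9.11.5-P1"):
        print(sample, affected_cves(sample) or "not in any listed range")
```

An empty result only means the version is outside the ranges listed in this issue, not that the build is free of other BIND vulnerabilities.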