[3.8] bind: Multiple vulnerabilities (CVE-2018-5736, CVE-2018-5737)
CVE-2018-5736: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c
An error in zone database reference counting can lead to an assertion
failure if a server which is running an
affected version of BIND attempts several transfers of a slave zone in
quick succession.
This defect could be deliberately exercised by an attacker who is
permitted to cause a vulnerable server to initiate zone
transfers (for example: by sending valid NOTIFY messages), causing the
named process to exit after failing the assertion test.
Affected versions:
9.12.0 and 9.12.1
Reference:
Patch:
https://ftp.isc.org/isc/bind9/9.12.1-P2/patches/cve5736.patch
CVE-2018-5737: BIND 9.12’s serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.
A problem with the implementation of the new serve-stale feature in BIND
9.12 can lead to an assertion failure in rbtdb.c,
even when stale-answer-enable is off. Additionally, problematic
interaction between the serve-stale feature and NSEC aggressive
negative caching can in some cases cause undesirable behavior from
named, such as a recursion loop or excessive logging.
Affected versions:
9.12.0 and 9.12.1
Reference:
Patch:
https://ftp.isc.org/isc/bind9/9.12.1-P2/patches/cve5737.patch
(from redmine: issue id 8922, created on 2018-05-21, closed on 2018-05-22)