bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)

“deny-answer-aliases” is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing
the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c.

Fixed In Version:

bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind 9.11.3-S3

Reference:

https://kb.isc.org/article/AA-01639/74/CVE-2018-5740

(from redmine: issue id 9357, created on 2018-08-29, closed on 2018-09-10)

Relations:
- child #9358 (closed)
- child #9359 (closed)
- child #9360 (closed)
- child #9361 (closed)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information