bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)
“deny-answer-aliases” is a little-used feature intended to help
recursive server operators protect end users against DNS rebinding
attacks, a potential method of circumventing
the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c.
Fixed In Version:
bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind 9.11.3-S3
(from redmine: issue id 9357, created on 2018-08-29, closed on 2018-09-10)