bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)
“deny-answer-aliases” is a little-used feature intended to help
recursive server operators protect end users against DNS rebinding
attacks, a potential method of circumventing
the security model used by client browsers. However, a defect in this
feature makes it easy, when the feature is in use, to experience an
assertion failure in name.c.
Fixed In Version:
bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind 9.11.3-S3
Reference:
https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
(from redmine: issue id 9357, created on 2018-08-29, closed on 2018-09-10)
- Relations:
- child #9358 (closed)
- child #9359 (closed)
- child #9360 (closed)
- child #9361 (closed)