[3.5] bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)
“deny-answer-aliases” is a little-used feature intended to help
recursive server operators protect end users against DNS rebinding
attacks, a potential method of circumventing
the security model used by client browsers. However, a defect in this
feature makes it easy, when the feature is in use, to experience an
assertion failure in name.c.
Fixed In Version:
bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind 9.11.3-S3
Reference:
https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
(from redmine: issue id 9361, created on 2018-08-29, closed on 2018-09-10)
- Relations:
- parent #9357 (closed)
- Changesets:
- Revision 38babe0b by Natanael Copa on 2018-09-10T10:25:28Z:
main/bind: security upgrade to 9.10.8_p1 (CVE-2018-5740)
fixes #9361