ASA-201706-18 log original external raw

[ASA-201706-18] bind: denial of service
Arch Linux Security Advisory ASA-201706-18 ========================================== Severity: Medium Date : 2017-06-15 CVE-ID : CVE-2017-3140 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-301 Summary ======= The package bind before version 9.11.1.P1-1 is vulnerable to denial of service. Resolution ========== Upgrade to 9.11.1.P1-1. # pacman -Syu "bind>=9.11.1.P1-1" The problem has been fixed upstream in version 9.11.1.P1. Workaround ========== None. Description =========== A security issue has been found the Bind named DNS server < 9.11.1P1, leading to a denial of service. A remote attacker can make a vulnerable server configured to use a RPZ containing NSDNAME or NSIPpolicy rules enter an endless loop, querying the same sets of authoritative servers repeatedly, by sending a crafted query. Impact ====== A remote attacker can cause a denial of service of a vulnerable server using NSDNAME or NSIP RPZ policies by sending a crafted query. References ========== https://kb.isc.org/article/AA-01495 https://security.archlinux.org/CVE-2017-3140