Arch Linux Security Advisory ASA-201805-20 ========================================== Severity: Medium Date : 2018-05-20 CVE-ID : CVE-2018-5736 CVE-2018-5737 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-706 Summary ======= The package bind before version 9.12.1.P2-1 is vulnerable to denial of service. Resolution ========== Upgrade to 9.12.1.P2-1. # pacman -Syu "bind>=9.12.1.P2-1" The problems have been fixed upstream in version 9.12.1.P2. Workaround ========== - CVE-2018-5736 For servers which must receive notifies to keep slave zone contents current, no complete workarounds are known although restricting BIND to only accept NOTIFY messages from authorised sources can greatly mitigate the risk of attack. - CVE-2018-5737 Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.) Description =========== - CVE-2018-5736 (denial of service) An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. - CVE-2018-5737 (denial of service) A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale- answer-enable is off. Impact ====== A remote attacker is able to cause a denial of service via crafted queries. References ========== http://marc.info/?i=6688abb0-fbc5-4c60-5876-66cdf36bb8bf@isc.org https://kb.isc.org/article/AA-01602/74/CVE-2018-5736 https://kb.isc.org/article/AA-01606/74/CVE-2018-5737 https://security.archlinux.org/CVE-2018-5736 https://security.archlinux.org/CVE-2018-5737