Mageia Advisory: MGASA-2018-0353 - Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability

Publication date: 23 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5740

Description

Updated bind packages fix security vulnerability:

In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy,
when the feature is in use, to experience an assertion failure in name.c.
Accidental or deliberate triggering of this defect will cause a REQUIRE
assertion failure in named, causing the named process to stop execution
and resulting in denial of service to clients (CVE-2018-5740).

Note that only servers which have explicitly enabled the
"deny-answer-aliases" feature are at risk and disabling the feature
prevents exploitation.

References

https://bugs.mageia.org/show_bug.cgi?id=23413
https://kb.isc.org/article/AA-01639
https://kb.isc.org/article/AA-01643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740

SRPMS

6/core

bind-9.10.8.P1-1.mga6

Advisories » MGASA-2018-0353

Updated bind packages fix security vulnerability

Description

References

SRPMS

6/core