Advisories ยป MGASA-2018-0353

Updated bind packages fix security vulnerability

Publication date: 23 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5740


Updated bind packages fix security vulnerability:

In ISC BIND, a defect in thie "deny-answer-aliases" feature makes it easy,
when the feature is in use, to experience an assertion failure in name.c.
Accidental or deliberate triggering of this defect will cause a REQUIRE
assertion failure in named, causing the named process to stop execution
and resulting in denial of service to clients (CVE-2018-5740).

Note that only servers which have explicitly enabled the
"deny-answer-aliases" feature are at risk and disabling the feature
prevents exploitation.