ArchLinux: 201607-8: bind: denial of service
Summary
Although not commonly used, the BIND package contains provisions to
allow systems to resolve names using the lightweight resolver protocol,
a protocol similar to (but distinct from) the normal DNS protocols. The
lightweight resolver protocol can be used either by running the lwresd
utility installed with BIND or by configuring named using the "lwres"
statement in named.conf.
An error has been discovered in the BIND implementation of the
lightweight resolver protocol affecting systems which use this alternate
method to do name resolution. A server which is affected by this defect
will terminate with a segmentation fault error, resulting in a denial of
service to client programs attempting to resolve names.
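To see whether a host uses the affected configuration path, the shell functions below (an added example, not part of the advisory) report whether a named.conf-style file contains an active lwres statement once comments are stripped. The block form `lwres { ... };` and the function names are assumptions of this example; a running lwresd process has to be checked separately.

```shell
#!/bin/sh
# Added example (not part of the advisory): detect an active "lwres"
# statement in a named.conf-style file.

# Print FILE with /* ... */, // and # comments removed.
# Simplification: comment markers inside quoted strings are not recognised.
strip_named_comments() {
    awk '
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (inblock) {
                e = index(line, "*/")
                if (e == 0) break
                line = substr(line, e + 2); inblock = 0
                continue
            }
            b = index(line, "/*"); s = index(line, "//"); h = index(line, "#")
            first = 0; kind = ""
            if (b > 0) { first = b; kind = "block" }
            if (s > 0 && (first == 0 || s < first)) { first = s; kind = "line" }
            if (h > 0 && (first == 0 || h < first)) { first = h; kind = "line" }
            if (first == 0) { out = out line; break }
            out = out substr(line, 1, first - 1)
            if (kind == "line") break
            line = substr(line, first + 2); inblock = 1
        }
        print out
    }' "$1"
}

# Return 0 if FILE configures the lightweight resolver, 1 if not, 2 on error.
has_lwres_statement() {
    [ -r "$1" ] || return 2
    # Join lines so "lwres" and "{" may sit on different lines.
    if strip_named_comments "$1" | tr '\n' ' ' |
        grep -Eq '(^|[;}[:space:]])lwres[[:space:]]*[{]'; then
        return 0
    fi
    return 1
}
```

Call `has_lwres_statement` with the path of the named.conf in use; an exit status of 0 means the lightweight resolver is configured in named and the upgrade below applies to that host.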
Resolution
Upgrade to 9.10.4.P2-1.
# pacman -Syu "bind>=9.10.4.P2-1"
The problem has been fixed upstream in version 9.10.4.P2.
References
https://access.redhat.com/security/cve/CVE-2016-2775
Workaround
None.