ArchLinux: 201609-29: bind: denial of service
Summary
Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause 'named' to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries (i.e. doesn't match 'allow-query').
Resolution
Upgrade to 9.10.4.P3-1.
# pacman -Syu "bind>=9.10.4.P3-1"
The problem has been fixed upstream in version 9.10.4.P3.
References
https://access.redhat.com/security/cve/CVE-2016-2776
Workaround
None.