ArchLinux: 201902-25: bind: multiple issues
Summary
- CVE-2018-5744 (denial of service)
A failure to free memory can occur when processing messages having a
specific combination of EDNS options has been found in bind before
9.13.7. By exploiting this condition, an attacker can potentially cause
named's memory use to grow without bounds until all memory available to
the process is exhausted. Typically a server process is limited as to
the amount of memory it can use but if the named process is not limited
by the operating system all free memory on the server could be
exhausted.
- CVE-2018-5745 (denial of service)
"managed-keys" is a feature which allows a BIND resolver to
automatically maintain the keys used by trust anchors which operatorsconfigure for use in DNSSEC validation. Before 9.13.7, due to an error
in the managed-keys feature, it is possible for a BIND server which
uses managed-keys to exit due to an assertion failure if, during key
rollover, a trust anchor's keys are replaced with keys which use an
unsupported algorithm.
- CVE-2019-6465 (access restriction bypass)
Controls for zone transfers may not be properly applied to Dynamically
Loadable Zones (DLZs) if the zones are writable in bind before 9.13.7.
A client exercising this defect can request and receive a zone transfer
of a DLZ even when not permitted to do so by the allow-transfer ACL.
Resolution
Upgrade to 9.13.7-1.
# pacman -Syu "bind>=9.13.7-1"
The problems have been fixed upstream in version 9.13.7.
References
https://kb.isc.org/docs/cve-2018-5744 https://kb.isc.org/docs/cve-2018-5745 https://kb.isc.org/docs/cve-2019-6465 https://security.archlinux.org/CVE-2018-5744 https://security.archlinux.org/CVE-2018-5745 https://security.archlinux.org/CVE-2019-6465
Workaround
None.