CVE-2018-5736

Priority
Description
An error in zone database reference counting can lead to an assertion
failure if a server which is running an affected version of BIND attempts
several transfers of a slave zone in quick succession. This defect could be
deliberately exercised by an attacker who is permitted to cause a
vulnerable server to initiate zone transfers (for example: by sending valid
NOTIFY messages), causing the named process to exit after failing the
assertion test. Affects BIND 9.12.0 and 9.12.1.
Notes
ratliff9.12 only
Package
Source: bind9 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
More Information

Updated: 2019-12-05 18:51:03 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)