CVE-2018-5741 (retired)

Priority
Description
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS)
to update records in a zone, BIND 9 provides a feature called
update-policy. Various rules can be configured to limit the types of
updates that can be performed by a client, depending on the key used when
sending the update request. Unfortunately, some rule types were not
initially documented, and when documentation for them was added to the
Administrator Reference Manual (ARM) in change #3112, the language that was
added to the ARM at that time incorrectly described the behavior of two
rule types, krb5-subdomain and ms-subdomain. This incorrect documentation
could mislead operators into believing that policies they had configured
were more restrictive than they actually were. This affects BIND versions
prior to BIND 9.11.5 and BIND 9.12.3.
Notes
mdeslaurper the ISC advisory: "At the present time, ISC is not providing
any code changing the behavior of the update-policy feature."
deferring for now to see if the policy will change

documentation changes went into 9.11.5

we will not be changing the documentation in our stable releases
Package
Source: bind9 (LP Ubuntu Debian)
Upstream:released (9.11.5)
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.04 (Disco Dingo):released (1:9.11.5.P1+dfsg-1ubuntu2)
Ubuntu 19.10 (Eoan):released (1:9.11.5.P1+dfsg-1ubuntu2)
More Information

Updated: 2019-10-09 08:04:12 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)