Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 666946 (aa-01639, CVE-2018-5740, CVE-2018-5741) - <net-dns/bind-{9.11.4_p2, 9.12.2_p2}: assertion failure flaw in 'deny-answer-aliases'
Summary: <net-dns/bind-{9.11.4_p2, 9.12.2_p2}: assertion failure flaw in 'deny-answer-...
Alias: aa-01639, CVE-2018-5740, CVE-2018-5741
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: C3 [glsa+ cve]
Depends on: CVE-2018-5738
  Show dependency tree
Reported: 2018-09-24 05:16 UTC by D'juan McDonald (domhnall)
Modified: 2019-03-14 01:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2018-09-24 05:16:55 UTC
from $URL


"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.  However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c.

Bug URL:

@maintainer(s): "ISC BIND 9.x versions prior to 9.11.4-P2 and 9.12.2-P2 are vulnerable. Not vulnerable version:

ISC Bind 9.13.3
ISC Bind 9.12.2-P2
ISC Bind 9.11.4-P2

Gentoo Security Padwan
Comment 1 D'juan McDonald (domhnall) 2018-09-25 20:58:25 UTC
@maintainer(s): any chance versions: 9.12.2_p1, 9.12.1_p2, 9.11.2_p1 are affected?
Comment 2 D'juan McDonald (domhnall) 2018-09-25 22:58:15 UTC
adding alias and additional link for tracking purposes:
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-11-25 00:22:50 UTC
@maintainers, please call for stable when ready.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 00:32:15 UTC
Stabilized from Bug #657654
GLSA Vote: Yes
Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2019-03-14 01:42:24 UTC
This issue was resolved and addressed in
 GLSA 201903-13 at
by GLSA coordinator Aaron Bauman (b-man).