Bug #9463

Bug #9461: bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741)

[3.8] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741)

Added by Alicha CH 4 months ago. Updated about 2 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 09/25/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs: CVE-2018-5741

Description

In order to provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were.

Versions affected:

The behavior described is present in all versions of BIND 9 which contain the krb5-subdomain and ms-subdomain update
policies prior to our upcoming maintenance releases, BIND 9.11.5 and 9.12.3. However, the misleading documentation
is not present in all versions.

References:

https://kb.isc.org/docs/cve-2018-5741
https://www.openwall.com/lists/oss-security/2018/09/19/11

Associated revisions

Revision e3ed6b4e (diff)
Added by Natanael Copa about 2 months ago

main/bind: security upgrade to 9.12.3 (CVE-2018-5741)

fixes #9463

History

#1 Updated by Natanael Copa about 2 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH about 2 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
