CVE 2018-5741
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.
Related bugs and status
CVE-2018-5741 (Candidate) is related to these bugs:
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1906470 | CVE-2019-11068: libxslt: bypass of protection mechanism | StarlingX | High | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1906471 | CVE-2019-17006: nss: crypto primitives missing length checks | StarlingX | High | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1908088 | stx-tools: yum fails in Docker with misleading error messages | StarlingX | Low | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1908297 | populate_downloads.sh doesn't clean/backup old content | StarlingX | Low | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1908751 | mirror-check.sh failes for layered build | StarlingX | Low | Triaged | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1910130 | Build of 'compile' layer fails due to missing python3 dependencies | StarlingX | Critical | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1912139 | CVE-2018-19519: tcpdump: a stack-based buffer over-read | StarlingX | Medium | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1912682 | tools: Dockerfile: yum install silently ignores errors | StarlingX | Low | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1915050 | IPv6: All hosts remain offline after booting off the controller-0 | StarlingX | Critical | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1917901 | tb.sh create fails on rmdir /var/lib/mock | StarlingX | High | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1918154 | CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow | StarlingX | High | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1918477 | download_mirror.sh is slow | StarlingX | High | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1920024 | linuxsoft.cern.ch is no longer responding | StarlingX | High | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1923458 | basearch not always set | StarlingX | Medium | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924691 | systemd sends tons of useless PropertiesChanged messages when a mount happens | StarlingX | Medium | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1926372 | CVE-2021-26937 screen segfault | StarlingX | High | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1926987 | Download_mirror.sh fails on 'flockflock' | StarlingX | Critical | Fix Released | ||
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1927137 | Docker build env fails on git-review | StarlingX | Critical | Fix Released | ||
