Oval Definition:oval:com.ubuntu.bionic:def:201857370000000
Revision Date:2019-01-16Version:1
Title:CVE-2018-5737 on Ubuntu 18.04 LTS (bionic) - medium.
Description:A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-5737
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • NOT bind9 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT bind9-host package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT bind9utils package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT dnsutils package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libbind9-160 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libdns-export1100 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libdns1100 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libirs-export160 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libirs160 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libisc-export169 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libisc169 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libisccc-export160 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libisccc160 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libisccfg-export160 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT libisccfg160 package in bionic, while related to the CVE in some way, is not affected.
  • OR NOT liblwres160 package in bionic, while related to the CVE in some way, is not affected.
  • BACK