Arch Linux Security Advisory ASA-201507-22 ========================================== Severity: High Date : 2015-07-29 CVE-ID : CVE-2015-5477 Package : bind Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package bind before version 9.10.2.P3-1 is vulnerable to denial of service. Resolution ========== Upgrade to 9.10.2.P3-1. # pacman -Syu "bind>=9.10.2.P3-1" The problem has been fixed upstream in version 9.10.2.P3. Workaround ========== None. Description =========== A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet leading to denial of service. Impact ====== A remote attacker is able to trigger an assertion failure via a specially crafted DNS request packet that is resulting in unexpected application crash leading to denial of service. References ========== https://kb.isc.org/article/AA-01272/0 https://access.redhat.com/security/cve/CVE-2015-5477