CVE-2018-5743

Name: CVE-2018-5743
Description: Limiting simultaneous TCP clients is ineffective
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-4440-1
Debian Bugs: 927932

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| bind9 (PTS) | jessie | 1:9.9.5.dfsg-9+deb8u15 | vulnerable |
| | jessie (security) | 1:9.9.5.dfsg-9+deb8u17 | vulnerable |
| | stretch | 1:9.10.3.dfsg.P4-12.3+deb9u4 | vulnerable |
| | stretch (security) | 1:9.10.3.dfsg.P4-12.3+deb9u5 | fixed |
| | bullseye, sid, buster | 1:9.11.5.P4+dfsg-5.1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| bind9 | source | (unstable) | 1:9.11.5.P4+dfsg-4 | | | 927932 |
| bind9 | source | stretch | 1:9.10.3.dfsg.P4-12.3+deb9u5 | | DSA-4440-1 | |

Notes

https://kb.isc.org/docs/cve-2018-5743
https://gitlab.isc.org/isc-projects/bind9/commit/9689ffc485df8f971f0ad81ab8ab1f5389493776
https://gitlab.isc.org/isc-projects/bind9/commit/55a7a458e30e47874d34bdf1079eb863a0512396
https://gitlab.isc.org/isc-projects/bind9/commit/9446629b730c59c4215f08d37fbaf810282fbccb
https://gitlab.isc.org/isc-projects/bind9/commit/87d431161450777ea093821212abfb52d51b36e3
https://gitlab.isc.org/isc-projects/bind9/commit/13f7c918b8720d890408f678bd73c20e634539d9
https://gitlab.isc.org/isc-projects/bind9/commit/d01023aaac35543daffbdf48464e320150235d41
Additionally: https://lists.isc.org/pipermail/bind-users/2019-April/101673.html
https://gitlab.isc.org/isc-projects/bind9/merge_requests/1864.patch
