Arch Linux 805 Published by

The following updates has been released for Arch Linux:

ASA-201805-19: libofx: denial of service
ASA-201805-20: bind: denial of service



ASA-201805-19: libofx: denial of service

Arch Linux Security Advisory ASA-201805-19
==========================================

Severity: Medium
Date : 2018-05-20
CVE-ID : CVE-2017-14731
Package : libofx
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-536

Summary
=======

The package libofx before version 0.9.13-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 0.9.13-1.

# pacman -Syu "libofx>=0.9.13-1"

The problem has been fixed upstream in version 0.9.13.

Workaround
==========

None.

Description
===========

ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted file, as demonstrated by an ofxdump
call.

Impact
======

A remote attacker is able to cause a denial of service via a specially
crafted file.

References
==========

https://bugs.archlinux.org/task/56544
https://github.com/libofx/libofx/issues/10
https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd
https://security.archlinux.org/CVE-2017-14731


ASA-201805-20: bind: denial of service

Arch Linux Security Advisory ASA-201805-20
==========================================

Severity: Medium
Date : 2018-05-20
CVE-ID : CVE-2018-5736 CVE-2018-5737
Package : bind
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-706

Summary
=======

The package bind before version 9.12.1.P2-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 9.12.1.P2-1.

# pacman -Syu "bind>=9.12.1.P2-1"

The problems have been fixed upstream in version 9.12.1.P2.

Workaround
==========

- CVE-2018-5736

For servers which must receive notifies to keep slave zone contents
current, no complete workarounds are known although restricting BIND to
only accept NOTIFY messages from authorised sources can greatly
mitigate the risk of attack.

- CVE-2018-5737

Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of
this vulnerability (but will effectively disable the serve-stale
feature.)

Description
===========

- CVE-2018-5736 (denial of service)

An error in zone database reference counting can lead to an assertion
failure if a server which is running an affected version of BIND
attempts several transfers of a slave zone in quick succession.

- CVE-2018-5737 (denial of service)

A problem with the implementation of the new serve-stale feature in
BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-
answer-enable is off.

Impact
======

A remote attacker is able to cause a denial of service via crafted
queries.

References
==========

http://marc.info/?i=6688abb0-fbc5-4c60-5876-66cdf36bb8bf@isc.org
https://kb.isc.org/article/AA-01602/74/CVE-2018-5736
https://kb.isc.org/article/AA-01606/74/CVE-2018-5737
https://security.archlinux.org/CVE-2018-5736
https://security.archlinux.org/CVE-2018-5737