Amazon Linux 2 : bind (ALAS-2018-954)
Medium Nessus Plugin ID 109125
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionImproper fetch cleanup sequencing in the resolver can cause named to crash
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.
SolutionRun 'yum update bind' to update your system.