Multiple vulnerabilities were found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure which could cause the BIND to crash unexpectedly.
Successful exploitation could lead to a denial of service (DoS) condition on an affected system.
Internet Systems Consortium (ISC) has released the following patch to solve the problems:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://kb.isc.org/article/AA-01602/74/CVE-2018-5736
https://kb.isc.org/article/AA-01606/74/CVE-2018-5737
https://www.hkcert.org/my_url/en/alert/18052102
https://www.us-cert.gov/ncas/current-activity/2018/05/18/ISC-Releases-Security-Advisories-BIND
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5737