One of my cow-orkers found a working ASA version (or at least, one where none of the bugs affect us). 9.4(2.6) has the IKE code patched, doesn’t have the “unicorn” bug, and doesn’t have this new SMB problem that the more recent version has. But yeah, there could be more in the pipe, and Cisco is definitely working on the 9.5 version right now.
That’s true. The Gnu C Library supports a lot more than just DNS services. For DNS servers, though, you can always reboot any time - unless you haven’t implemented the standardized redundant, geographically dispersed and fault tolerant architecture that DNS is always supposed to have. Your clients have three DNS servers they know about (or two, if you are a really really small network) and you wait for each one to come back up before you reboot the next one. Nobody notices it even happened.
