bind9.16-9.16.23-0.7.el8.1

エラータID: AXSA:2022-3875:02

Release date: 
Wednesday, October 5, 2022 - 01:00
Subject: 
bind9.16-9.16.23-0.7.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols. BIND includes a DNS server (named); a resolver library
(routines for applications to use when interfacing with DNS); and tools for
verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: BIND 9 resolvers configured to answer from cache with zero
stale-answer-timeout may terminate unexpectedly (CVE-2022-3080)
* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)
* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2022-3080
By sending specific queries to the resolver, an attacker can cause named to
crash.
CVE-2022-38177
By spoofing the target resolver with responses that have a malformed ECDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack of
resources.
CVE-2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack of
resources.

Solution: 

Update packages.

CVEs: 
CVE-2022-3080
By sending specific queries to the resolver, an attacker can cause named to crash.
CVE-2022-38177
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
CVE-2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Additional Info: 

N/A

Download: 

SRPMS
  1. bind9.16-9.16.23-0.7.el8.1.src.rpm
    MD5: bf7f0391f3086970b1d60de414e2fca5
    SHA-256: c8d9b838c8913d73714a0367f9c3885b9b64c1f7d7445a38b9e2cd33ee87e795
    Size: 5.03 MB

Asianux Server 8 for x86_64
  1. bind9.16-9.16.23-0.7.el8.1.x86_64.rpm
    MD5: fc9892b8ff201730d5be738e05e4cddf
    SHA-256: 825a70375585bc3afd1b39be087a47e37246ab29cc2e3416b90f14526941eb8b
    Size: 601.14 kB
  2. bind9.16-chroot-9.16.23-0.7.el8.1.x86_64.rpm
    MD5: e54f04416158207011de0b03d3085505
    SHA-256: 2c97d6c50e993df499b683597479eb2450d073769e4fe5f6b42b87a6ae6ddc06
    Size: 109.39 kB
  3. bind9.16-libs-9.16.23-0.7.el8.1.x86_64.rpm
    MD5: d7b12bdc5e6240356fb8debd1112dabf
    SHA-256: cbd4754405d28e55dcd87861bced7c29dfca5cb8ba7f478ad498bb3ba53614f1
    Size: 1.35 MB
  4. bind9.16-license-9.16.23-0.7.el8.1.noarch.rpm
    MD5: 3ee4795ec949085bb11eeaf574ee1f48
    SHA-256: a17fee2ab694111f633ddf108725d232380de5dbd1b4040b45c3113becd24fd3
    Size: 105.73 kB
  5. bind9.16-utils-9.16.23-0.7.el8.1.x86_64.rpm
    MD5: 21f2f6567214c5243712be3cf56d58b5
    SHA-256: 3d7f152a0c62fdd547d3197ba87c64c3680bace320a0ddc0fe07e17764f705b1
    Size: 287.38 kB