エラータID: AXSA:2023-6229:02

Release date: 
Tuesday, July 18, 2023 - 01:47
Affected Channels: 
Asianux Server 8 for x86_64

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.


Update packages.

Additional Info: 



  1. bind9.16-9.16.23-0.14.el8.1.src.rpm
    MD5: c1deba26ffd47e153a94e980a4f22443
    SHA-256: 9bf9d4f13beb456326f880427e9809c532b13e42d1bc58b6c168d02faf6459bb
    Size: 5.06 MB

Asianux Server 8 for x86_64
  1. bind9.16-9.16.23-0.14.el8.1.x86_64.rpm
    MD5: 6bed843497771d1b915364154835e017
    SHA-256: eb40ff151b3077a8a5186510e474c90ef81759674faf4f308312e25bf9ca5bdf
    Size: 602.61 kB
  2. bind9.16-chroot-9.16.23-0.14.el8.1.x86_64.rpm
    MD5: adc37de122b0c5504b9d7335bef32415
    SHA-256: c81472bee153a389a70b429a3d00a9c4d7b0c44edc1415107d31cf607520a409
    Size: 110.46 kB
  3. bind9.16-devel-9.16.23-0.14.el8.1.i686.rpm
    MD5: 311edc115a5847e4dad980b23f9b0a74
    SHA-256: de2b0f433537cac22c0abd251f4d33010448ee11a4ab40da9c7c3b28759f283c
    Size: 426.02 kB
  4. bind9.16-devel-9.16.23-0.14.el8.1.x86_64.rpm
    MD5: bca9d430a915a7966a5c25317ec206ad
    SHA-256: 80037f7bfa61e926eb06dc6e0a7f632498de834bc88745e0a4606a90a6f6e7f0
    Size: 425.98 kB
  5. bind9.16-dnssec-utils-9.16.23-0.14.el8.1.x86_64.rpm
    MD5: 9b3b7e0e6ad09a5e7afbec3e92a23e20
    SHA-256: 92c4a066a014ede0fca00f1354600a778b476cdae8278b6723e1709618325ee6
    Size: 243.81 kB
  6. bind9.16-doc-9.16.23-0.14.el8.1.noarch.rpm
    MD5: 90d17f4628567f94c04ccb86248f18bf
    SHA-256: 45afddbcf1cae488ecf938e216e5794285076759a7e5c30630413fd267addd06
    Size: 3.67 MB
  7. bind9.16-libs-9.16.23-0.14.el8.1.i686.rpm
    MD5: 917d392435e38e74e136b7feab17b1d6
    SHA-256: c9ef3f8f365ac0949c55cceb2747d3fd787dee6a6924e52ac1cdec359fbe4b26
    Size: 1.45 MB
  8. bind9.16-libs-9.16.23-0.14.el8.1.x86_64.rpm
    MD5: a75cf15ff9b51d81a897358201190cfb
    SHA-256: 42e2bced6ab23faffc157df9553ba6fcc5e82eac9a5613396ff99715e02697da
    Size: 1.36 MB
  9. bind9.16-license-9.16.23-0.14.el8.1.noarch.rpm
    MD5: 780de59f071c5523f5bad5c8bcd3464c
    SHA-256: 86cd41060c7c3b3c11b31c599abb3cd4c861ccf93d10e803383878fddaa21fb1
    Size: 106.80 kB
  10. bind9.16-utils-9.16.23-0.14.el8.1.x86_64.rpm
    MD5: ba87da7de53b48dcfe5b6869a3946074
    SHA-256: 2cd4d0b0e310dfb59a4592cb0b68820a309d6130e8007b87ab7ab9c7412ef174
    Size: 288.75 kB
  11. python3-bind9.16-9.16.23-0.14.el8.1.noarch.rpm
    MD5: 77ecfee2d7dc608cd88290e23cb9e83a
    SHA-256: aede166d9c26f8957a8f02eb7739bc1e55bf4f51533b5f9b7ea8970e9e29aa10
    Size: 155.09 kB