bind-9.11.36-11.el8_9.1, dhcp-4.3.6-49.el8_9.1.ML.1
エラータID: AXSA:2024-7687:01
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Security Fix(es):
* bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)
* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-4408
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
Update packages.
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
N/A
SRPMS
- bind-9.11.36-11.el8_9.1.src.rpm
MD5: 305b8cb97efcfcc66ef7cb9b1be5b94a
SHA-256: 0b0d4615cd1fee96529b90fc3b22c3e109915750f0a3172f1df23738658b39b2
Size: 8.19 MB - dhcp-4.3.6-49.el8_9.1.ML.1.src.rpm
MD5: 38c55806fe0e7addb6c940d828be10bc
SHA-256: c37e7fa38c159af9b789e90e42f3227c5a0c39ed072331baf54aee4ca276472c
Size: 9.91 MB
Asianux Server 8 for x86_64
- bind-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 445dd7106290b09fbd544445a8b77344
SHA-256: ea072023188b6028c8661230f802ffd79a49f2ac271f3fc04c25f0fb9a459375
Size: 2.13 MB - bind-chroot-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 70752430f36e515d48cccb0265fd9ce0
SHA-256: 50463b11c9b142b407b6ea8e077fe33f2aa60cc19725692932621ff52f078eea
Size: 105.52 kB - bind-devel-9.11.36-11.el8_9.1.i686.rpm
MD5: 0088dceda277283343a19e3853671f90
SHA-256: af6b0a5d46e1f974d4b9ec725a4da523987192c2fd383640e71d40c61c298f8f
Size: 178.06 kB - bind-devel-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 925826b34e02b6dc701df0f647153b09
SHA-256: 82e72883683fac3de10fea993d1d41257e5c77f7ce18a80a20eb981f3043b624
Size: 178.06 kB - bind-export-devel-9.11.36-11.el8_9.1.i686.rpm
MD5: b53e8661d8bf0180b75562b26966d0b7
SHA-256: 836623db75d04a255a337e81fc0ef7e932b3a3e97b336691f321206c89806fc3
Size: 407.45 kB - bind-export-devel-9.11.36-11.el8_9.1.x86_64.rpm
MD5: e09859d2aa72f82f8b4e65d0f6d0d04b
SHA-256: 21b7d8b2690884bfa17f8094df6a91f7314c5d5155f5a51916ce9a7c1feef8bb
Size: 407.50 kB - bind-export-libs-9.11.36-11.el8_9.1.i686.rpm
MD5: 7889decd1212ca6a6b059271f8655168
SHA-256: f9aedc5aa244ce17a9fde4be317e8e7576e66be63c198ed1352ba1f751681ffb
Size: 1.21 MB - bind-export-libs-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 9d89728081b118cfbfea9e9a7d227898
SHA-256: 402ff8e7703c83be7cca4b2ba3d1416eee1b2f6792e734fc230a0af34b66c2ab
Size: 1.14 MB - bind-libs-9.11.36-11.el8_9.1.i686.rpm
MD5: 0f3a939752104aae1381f2331f298d9c
SHA-256: fda560c533864f125dfbaffdccfe35cc35f46475a1db56791ef011534abc5121
Size: 180.60 kB - bind-libs-9.11.36-11.el8_9.1.x86_64.rpm
MD5: d9bf92687f32a705b5c410c901c0b17b
SHA-256: 2aac217357a0dee495f7fca82ecae3c7c968e8c24b2f5ebb11a923704276f384
Size: 175.04 kB - bind-libs-lite-9.11.36-11.el8_9.1.i686.rpm
MD5: bfcbbef4cc0eac117f6eb1474f7a61cb
SHA-256: f518eb155131e2a447c1979276c2f2f03e5d025d62ae1bdde84ab0f8f94a53af
Size: 1.27 MB - bind-libs-lite-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 537d5b8319b74a155205d99219e0ab82
SHA-256: 822076ef1c155f99adeff61400790ec785dcfb845140e74752906887dca37eb6
Size: 1.19 MB - bind-license-9.11.36-11.el8_9.1.noarch.rpm
MD5: 8e4d7932bef70ce823f0631206436fc6
SHA-256: e218e845cff636e63438d24d8ee56c4f1123083546edf1fdd4d717472e42b51e
Size: 103.39 kB - bind-lite-devel-9.11.36-11.el8_9.1.i686.rpm
MD5: 8d8fb81395bc3fc9e4dd7941b502d56d
SHA-256: 14be81fb2b885fc26d47b3c5173dbe2f661bbfcfc79c426ec94f2bc417705154
Size: 400.69 kB - bind-lite-devel-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 901ad62c0525e86b45dce03cd351226a
SHA-256: f630056e7926103931fda993e0546984308fa952dd9928d0b1da4fb50969113e
Size: 400.71 kB - bind-pkcs11-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 1a7abdfaac0a211e43c1171083055744
SHA-256: 0f3cf5ba79a0480e1b52f49486ab7cbb56fc3e8372833beba68d028a466051b8
Size: 398.87 kB - bind-pkcs11-devel-9.11.36-11.el8_9.1.i686.rpm
MD5: 6cd087ba6a6c4e8d110ab2318d80c602
SHA-256: 43963aa49c50b7aa2be443793eb42ab4a7a26c258f345c0723b9daadd97f8450
Size: 115.61 kB - bind-pkcs11-devel-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 7e7b224dafc149238c314b89c3f63596
SHA-256: cfb4270722955db0c1cc3268f043857d9a35557a85310dfb305a4b2565eed187
Size: 115.60 kB - bind-pkcs11-libs-9.11.36-11.el8_9.1.i686.rpm
MD5: 04dc5c33275c75646b2aca0ae1e13541
SHA-256: fefeeedef1c295dcdf48bbf0b9eed6037a19623483267a01a487c8953162a305
Size: 1.21 MB - bind-pkcs11-libs-9.11.36-11.el8_9.1.x86_64.rpm
MD5: a2338cd4600e2cd2e577675d3c10650d
SHA-256: 6f5f2145e955b9aa0f881c8bb27e2fdc7d3639eb92ae4ba3e5d110e9c2268eac
Size: 1.13 MB - bind-pkcs11-utils-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 6aae4e3e1d56101ff89a824abb190a63
SHA-256: f5222f7d86fd4bbd6df222f3ba98102982c5d1d86927cd1f623d1c741c6f6c15
Size: 260.67 kB - bind-sdb-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 0260d1d87548da72eb6b2174f79bd213
SHA-256: 50e127dceefea4a3629338158ba4100e2c5f4a56694989d5335db11ee1a52caa
Size: 458.61 kB - bind-sdb-chroot-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 9c20328ca44675adcda0cce15d2f2852
SHA-256: 44b485f3ad2abe438abf1054f4a151c22f02b961d765ebecd93f5bf9d280d5eb
Size: 105.15 kB - bind-utils-9.11.36-11.el8_9.1.x86_64.rpm
MD5: 7d87babe551f3ca001791ce614a81174
SHA-256: 478c996c0be4f1fb547b8e977a0c0ab8697855c88093a6d20dd909187258196d
Size: 452.11 kB - dhcp-client-4.3.6-49.el8_9.1.ML.1.x86_64.rpm
MD5: d998930174eda04ba6f7f1d2fa371d65
SHA-256: 3d91e39293fd7b35660634fc19cccd575b2e9fbe88ec179db4f4c6377d8441a8
Size: 317.57 kB - dhcp-common-4.3.6-49.el8_9.1.ML.1.noarch.rpm
MD5: 268d9ba4b8061337c03b7d357922eb2b
SHA-256: 09d0975f297a3cbd421612ecb3c892eff08fa7579f1355184045f280e94bc35c
Size: 206.64 kB - dhcp-libs-4.3.6-49.el8_9.1.ML.1.i686.rpm
MD5: 01d5371e6c9642f1ef1d23f6f930c050
SHA-256: d81ec75c79a9da5a753655b25710c7f2b7513e328148951e490123f68decd97f
Size: 152.62 kB - dhcp-libs-4.3.6-49.el8_9.1.ML.1.x86_64.rpm
MD5: 9b461732140ee0635e75ba3263121d33
SHA-256: b1ff331ea4df2b64976187562fd8fc73b4bdd96e24f4c4ffe32769b297ac026e
Size: 147.28 kB - dhcp-relay-4.3.6-49.el8_9.1.ML.1.x86_64.rpm
MD5: f615b0ae919b0c83d223e16b01d1be64
SHA-256: 95a525d90a1a1a2532c4b63354351bc6969848289dee55fc0000717ca9c032e2
Size: 235.96 kB - dhcp-server-4.3.6-49.el8_9.1.ML.1.x86_64.rpm
MD5: efbdd9191b79addeb2c1382dacb6b900
SHA-256: caf80a6dd1adb82b9c9f963b3e90ef9e21a9a72429491ff517f4309829c3c0ca
Size: 529.48 kB - python3-bind-9.11.36-11.el8_9.1.noarch.rpm
MD5: 84da10452d1859b71b17af389bb56006
SHA-256: f5bf0f1624ea1c0f8ffb929e66d86c241b8a48ea1e4640941f3a62a37f27c567
Size: 150.67 kB