python-dns-1.15.0-12.el8
エラータID: AXSA:2024-8211:01
The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode.
Security Fix(es):
* dnspython: denial of service in stub resolver (CVE-2023-29483)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
Update packages.
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
N/A
SRPMS
- python-dns-1.15.0-12.el8.src.rpm
MD5: 9db9395cf13f1d1f50f9d14f584faa1d
SHA-256: 825ad9154f6e2f61a80b3c168085cb57e641f5128af5039b340d458c450a8876
Size: 169.62 kB
Asianux Server 8 for x86_64
- python3-dns-1.15.0-12.el8.noarch.rpm
MD5: 71f96d2405ae2f80a312f8642273bb6a
SHA-256: fdf7dfc0b6c05625714e99b16da723bd8f862a7622420751c884b24063fbc939
Size: 252.25 kB
日本語