bind-dyndb-ldap-11.9-10.el9_4.ML.1, bind-9.16.23-18.el9_4.6
エラータID: AXSA:2024-8655:03
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam (CVE-2024-1737)
* bind9: bind: SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)
* bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-1737
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-1975
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Update packages.
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
N/A
SRPMS
- bind-dyndb-ldap-11.9-10.el9_4.ML.1.src.rpm
MD5: b7fa1c010dfd31b1a7549de0681960e5
SHA-256: 88910d307d9a4637d9940a5d4d0911abe81ca78e99688a55de0a5286862149a8
Size: 363.11 kB - bind-9.16.23-18.el9_4.6.src.rpm
MD5: 08594a6a8bcf616de78e34aa4d12ed99
SHA-256: ce49556c8ed5108aacee4bb1a9a5b4f589887a04cf532a890df9478c5c1d890f
Size: 5.08 MB
Asianux Server 9 for x86_64
- bind-9.16.23-18.el9_4.6.x86_64.rpm
MD5: fd5f7e24889a3a658c857f4c77d0d4b9
SHA-256: 9acfd3e48780ccb5473e44e53493b161509bfe79194ac97b082cc967eb17d6ad
Size: 501.03 kB - bind-chroot-9.16.23-18.el9_4.6.x86_64.rpm
MD5: e472be7395ec57b3785c0701d233f183
SHA-256: ae21b265489bc19525ff8072cbf091a7d27389bb76f78137e2930c8dbddc1bc3
Size: 16.41 kB - bind-devel-9.16.23-18.el9_4.6.i686.rpm
MD5: 102e9aabbbcbe2627ffab799100396dd
SHA-256: 2ea517e31a094a0a413e7c46008b1228be955d458b3e4d652195752d861b6681
Size: 359.87 kB - bind-devel-9.16.23-18.el9_4.6.x86_64.rpm
MD5: bb477bf441dde5e99500284dbae1c8a7
SHA-256: 5637c42cb3a4b191c98a666b83d52f4f5cf2e0502416f3e43854607c8b43ef43
Size: 359.81 kB - bind-dnssec-doc-9.16.23-18.el9_4.6.noarch.rpm
MD5: c46dac9da27b892fa51f6e502aded128
SHA-256: 04c02b689e40859f3dbadef19def543bc4ad26a730ff907c0b6e851c0b34e244
Size: 45.00 kB - bind-dnssec-utils-9.16.23-18.el9_4.6.x86_64.rpm
MD5: 934eafba0e7e605047b9cfc8bd212486
SHA-256: 3cb9fcdbff5440b75f0ff3af60fd6daa6c92626adec0bf5c006f4c29f2b17ca1
Size: 114.45 kB - bind-doc-9.16.23-18.el9_4.6.noarch.rpm
MD5: 2c9e484e467e64aaa92094381a368a31
SHA-256: 501d8c0507b95e4a8d26fd424c92c8cdd3ee689c42219aaf7b1304004c50a3c4
Size: 2.09 MB - bind-dyndb-ldap-11.9-10.el9_4.ML.1.x86_64.rpm
MD5: ae3938084c4a82bed38fceeb284903d1
SHA-256: 53ce9343c7083948a4a6c90b5e2064a6567d3b7dc64b4a0cd7d665c5085d483d
Size: 103.97 kB - bind-libs-9.16.23-18.el9_4.6.i686.rpm
MD5: 6dbff05a7c119d5a0721c977bbfa5bef
SHA-256: bc3624c76ca4d5de94cc1630e400164e7f58fc9c29f12db1e232e32465a3dd98
Size: 1.34 MB - bind-libs-9.16.23-18.el9_4.6.x86_64.rpm
MD5: ff869e29a6090cec360b544774358569
SHA-256: 4cfeb41ece83934bc428abd7f4286bdad92e41885624029166ab6bb6707bdd0c
Size: 1.24 MB - bind-license-9.16.23-18.el9_4.6.noarch.rpm
MD5: 5718cc7360386a1e8479af86e9c4d032
SHA-256: f94076899d4ed52d4f320c4aaf90ffa52cedfdfcec21aec2f1bcc74c22c68e93
Size: 12.52 kB - bind-utils-9.16.23-18.el9_4.6.x86_64.rpm
MD5: db98093977e08926a5addb967b9b1416
SHA-256: 854c1e917191e349706228613767e3af1f5626a08e960c4c2f9776c1d65d5b37
Size: 207.74 kB - python3-bind-9.16.23-18.el9_4.6.noarch.rpm
MD5: 975d7d4b0458fe9f278cd033511f4f41
SHA-256: b5719940872150ada54b9da44d295dbf5003a966e67cfd35161518836767d343
Size: 71.23 kB
日本語