unbound-1.6.6-5.0.3.el7.AXS7
エラータID: AXSA:2024-8987:07
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
The C implementation of Unbound is developed and maintained by NLnet Labs. It is
based on ideas and algorithms taken from a java prototype developed by Verisign
labs, Nominet, Kirei and ep.net.
Unbound is designed as a set of modular components, so that also DNSSEC (secure
DNS) validation and stub-resolvers (that do not run as a server, but are linked
into an application) are easily possible.
Security Fix(es):
* CVE-2023-50868: avoid availabiluty of the remote attackers to cause a denial
of service using DNSSEC
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
Update packages.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
N/A
Asianux Server 7 for x86_64
- unbound-1.6.6-5.0.3.el7.AXS7.x86_64.rpm
MD5: 8b7b73282996a08a0cb684d8e769b129
SHA-256: a5195d499aff84a7c173160183a74ac8ce9821dc67cafb3f3f6c960ff4458a1f
Size: 680.41 kB - unbound-libs-1.6.6-5.0.3.el7.AXS7.i686.rpm
MD5: 25f35ca69a83703c737c9d4b14421bff
SHA-256: 3a40c98b00877977ed001d2d8834fbc64e5b1c8f5420c7fa643e01570021792c
Size: 399.66 kB - unbound-libs-1.6.6-5.0.3.el7.AXS7.x86_64.rpm
MD5: a148c0e0bc3237c1ba0dbd149aeb0927
SHA-256: ad8fa77c494eb0312131e31c540def184bcc0442db257f6e5a250f910e658cd6
Size: 409.35 kB
日本語