bind-9.11.4-26.P2.4.0.1.el7.AXS7
エラータID: AXSA:2021-1548:04
リリース日:
2021/03/03 Wednesday - 12:08
題名:
bind-9.11.4-26.P2.4.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- BIND は標準の設定では脆弱ではありませんが、GSS-TSIG 機能を
使用する設定が行われている場合、 tkey-gssapi-keytab または
tkey-gssapi-credentialconfiguration オプションに有効な値を明示的に
設定することにより、named プロセスのクラッシュを引き起こすことの可能な
脆弱性があります。(CVE-2020-8625)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-8625
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
追加情報:
N/A
ダウンロード:
SRPMS
- bind-9.11.4-26.P2.4.0.1.el7.AXS7.src.rpm
MD5: 784f471702b94aca66fa14d7cffd3ac8
SHA-256: e83057855c815646302dcd7252d3eeb339c8cb88dfa659dce307dbef76ebd88c
Size: 9.36 MB
Asianux Server 7 for x86_64
- bind-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: 229f2f8a57f826cf9428f860c4f3fb94
SHA-256: c9ec775e68d654cb1c5e70f0ebd1cffdfae3eabf5dbd724d085d118de9314ad3
Size: 2.32 MB - bind-chroot-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: c43799e1cc23371eb955308e376ba973
SHA-256: 08a54e819e3a8614d1b2248ad2fc5cb3082cbe02d0b58b5d6cb2e4c300ea46cf
Size: 91.60 kB - bind-export-devel-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: 69f427f39ed1618c596c6f80ba1836ca
SHA-256: 0e557c8dc041496c8fd6dcc9ee854f19f509a8a1c9a7a063961068e0a9d0b5c4
Size: 388.14 kB - bind-export-libs-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: c543c840214104375e47eab18424004d
SHA-256: b55c291e7aad2241ab99a7b3d9d4358f4dd6e075ffbfcc7eb3c758a5a2a529e7
Size: 1.09 MB - bind-libs-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: 1d6fee46d208999bdf86783a0acb6897
SHA-256: bd5f2ea5264640b753ef02e86b77d05c186da57b3df79a3344864dc47d7e546d
Size: 156.09 kB - bind-libs-lite-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: d24e51d4cecaf2b984c7579a28a5437c
SHA-256: d536b2f1a89a063ec41ede8271dc9b01399e62a8e3f1689b8430580fa6b067a7
Size: 1.12 MB - bind-license-9.11.4-26.P2.4.0.1.el7.AXS7.noarch.rpm
MD5: 5eb9922aa1400b9105291d568ebdf569
SHA-256: 2eb2f335e29f878527741f5603c31f9521949a677d0435f15d43c4d5354c59d8
Size: 89.82 kB - bind-pkcs11-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: 93cebee8070531580d5c77fab79ca101
SHA-256: 41f97d819bc3add06d7eafe1460fdb7d5dd7005f7642e087ebb74d2f99a1766c
Size: 361.09 kB - bind-pkcs11-libs-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: 9435f151a71d738d9ebb929f5d26e266
SHA-256: 01e84d74bf893ba82eb1d6149212257523edd39b4c944497c91296fb0106d347
Size: 1.07 MB - bind-pkcs11-utils-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: 2c4c6261b94c4ff432b9a8a8590a3016
SHA-256: 2706861ae077a81fcb6af273c9d7fc70dd6f79c71df07068d0670e66371d5d7d
Size: 208.26 kB - bind-utils-9.11.4-26.P2.4.0.1.el7.AXS7.x86_64.rpm
MD5: 1de3340b3e64943047ea002658d98c44
SHA-256: 371a45675a2a2e01d010664be0657d86ecf4d37161a1bba1daf468bf7481025b
Size: 259.65 kB - bind-export-libs-9.11.4-26.P2.4.0.1.el7.AXS7.i686.rpm
MD5: 4573cf31a1bd4a75a04e81cf20f7c2fd
SHA-256: f8049758b68dff0714594c1cfc3e2bced04a59a6ea5b512e1965cda8f6897178
Size: 1.07 MB - bind-libs-9.11.4-26.P2.4.0.1.el7.AXS7.i686.rpm
MD5: 8fe56c24b98764443edefefbf9434c32
SHA-256: 86c2c0de3b274a86499e5ae1d03494e2b1ff8ec4bcbf39d0fc312770791be847
Size: 155.30 kB - bind-libs-lite-9.11.4-26.P2.4.0.1.el7.AXS7.i686.rpm
MD5: af4b4edbfbf134361fec2082ecd800b4
SHA-256: e1205d40e1e43c6c08aea3a1cadc6b7caf2da1848e872458d378248164cab053
Size: 1.10 MB - bind-pkcs11-libs-9.11.4-26.P2.4.0.1.el7.AXS7.i686.rpm
MD5: 54cc7dfc27e7ebe4f0d8555b3a87a33f
SHA-256: 80037237fa0f5ab41bdeaa0a9318052707ea5c4a9376e50cdbde3c9c0d50c4d2
Size: 1.05 MB
English