unbound-1.16.2-2.el8
エラータID: AXSA:2022-4339:01
リリース日:
2022/12/08 Thursday - 06:16
題名:
unbound-1.16.2-2.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- unbound には、リモートの攻撃者により、幽霊ドメイン名攻撃を
介して、失効後も不正なドメイン名の解決を可能とする脆弱性が
存在します。(CVE-2022-30698)
- unbound には、リモートの攻撃者により、幽霊ドメイン名攻撃を
介して、失効後も不正なドメイン名の解決を可能とする脆弱性が
存在します。(CVE-2022-30699)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-30698
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
追加情報:
N/A
ダウンロード:
SRPMS
- unbound-1.16.2-2.el8.src.rpm
MD5: a461bec341920c843ce40a9b95fbf479
SHA-256: d16632414e6d5b4ac373f9f2053c88642ce45f842a03fe2372580b2defece091
Size: 5.99 MB
Asianux Server 8 for x86_64
- python3-unbound-1.16.2-2.el8.x86_64.rpm
MD5: 14bb5686802d66de2f1521e034da18c9
SHA-256: bcebdb6c22073d7b01be25d3fa142737bef12e446cd594e70cc711948062c905
Size: 127.95 kB - unbound-1.16.2-2.el8.x86_64.rpm
MD5: e152e568f764d64bdb569b1ef9f0952a
SHA-256: 2bc7fa057e5f931d546dfac2e7d397d476534ae5b432eae255a3b0c8acb00382
Size: 0.99 MB - unbound-devel-1.16.2-2.el8.x86_64.rpm
MD5: a86e27541b48a43903ff996872c59f93
SHA-256: 35b8ed2563fbf2fa8ba47f1c45ec761d1a193a0f22973b6528592a41d11984dc
Size: 59.85 kB - unbound-libs-1.16.2-2.el8.x86_64.rpm
MD5: f11512b1cc4b2c687f001e10cfc74208
SHA-256: 9cb169fd70f32c88c73a01ea87a5fb6246a543d7257c9b15a254a64acd6e7568
Size: 572.55 kB - unbound-devel-1.16.2-2.el8.i686.rpm
MD5: d588d93908b68dc80b42b8e7a05f0097
SHA-256: 90412f156f6656e3f1653d1d4799528dd45e0adf55e6fb699d614b356b7b48a6
Size: 59.87 kB - unbound-libs-1.16.2-2.el8.i686.rpm
MD5: 94e3e26f21106d9d994841820044563a
SHA-256: 51206240a3dc5ba54219e02a39a437dd29de3007c521b99ea1797d855c99b510
Size: 612.29 kB