unbound-1.16.2-2.el9
エラータID: AXSA:2023-4630:01
リリース日:
2023/01/06 Friday - 07:50
題名:
unbound-1.16.2-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- unbound には、リモートの攻撃者により、幽霊ドメイン名攻撃を
介して、失効後も不正なドメイン名の解決を可能とする脆弱性が
存在します。(CVE-2022-30698)
- unbound には、リモートの攻撃者により、幽霊ドメイン名攻撃を
介して、失効後も不正なドメイン名の解決を可能とする脆弱性が
存在します。(CVE-2022-30699)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-30698
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
追加情報:
N/A
ダウンロード:
SRPMS
- unbound-1.16.2-2.el9.src.rpm
MD5: 319241b03bd1350b7cc6fd0c3e55b732
SHA-256: 1516018019b073a3c7d93518d3e683166434db609c50c8cbe1428414563274b6
Size: 5.97 MB
Asianux Server 9 for x86_64
- python3-unbound-1.16.2-2.el9.x86_64.rpm
MD5: e333682d283e1e03d4b4f717afcafe88
SHA-256: 411775f027e2ebb62058268c504f9a06fdbd36bffd53413b4eefc6829b6317d8
Size: 99.43 kB - unbound-1.16.2-2.el9.x86_64.rpm
MD5: 21e514c93b23747c09ed0cbaf335be8a
SHA-256: 5cfb8238566bd584dea39a231438bc9b822a3e45cc9ced3b0da62bd219adfded
Size: 962.27 kB - unbound-libs-1.16.2-2.el9.x86_64.rpm
MD5: 7cd449d2e4957292260e4d7a3ef39c62
SHA-256: ce744a5b1604a2028a2ad0b14eaccd3bc4575490867dace6ba4a71fec1c26c98
Size: 547.78 kB - unbound-libs-1.16.2-2.el9.i686.rpm
MD5: b4b6c409bfd6ccfe4c140a0e6f0a30b1
SHA-256: b557eeba5292dba455440fd9132cd75bf18fb4e553559cf0e016f06c1e6d4846
Size: 571.92 kB
English