unbound-1.16.2-3.el9
エラータID: AXSA:2023-5451:02
リリース日:
2023/05/22 Monday - 07:21
題名:
unbound-1.16.2-3.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Unbound には、リモートの攻撃者により、無応答委任攻撃
(Non-Responsive Delegation Attack) を介して、パフォーマンス
の低下やサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2022-3204)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-3204
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.
追加情報:
N/A
ダウンロード:
SRPMS
- unbound-1.16.2-3.el9.src.rpm
MD5: d2762b4978c08858bc5dd219fa4ce161
SHA-256: 069ab8116778ee14c6d2bb2723ad515b899c5168aef1a22b2c2e7114f2708541
Size: 5.98 MB
Asianux Server 9 for x86_64
- python3-unbound-1.16.2-3.el9.x86_64.rpm
MD5: 622ebd5dab9bc0a1c49f2ebc423adb02
SHA-256: 165483da1085b24a08bcb18ae4cff7e1ea323d76e4676832f0d614bbb8330822
Size: 99.21 kB - unbound-1.16.2-3.el9.x86_64.rpm
MD5: d71363aa593c4dd942569d4a125b82fd
SHA-256: 98ee284ca26f58f504676e3664139608182f545be52abbf10a6a89c0c253527c
Size: 963.16 kB - unbound-devel-1.16.2-3.el9.i686.rpm
MD5: 43cbc332550167e9d065908bb2d480c2
SHA-256: 115b8acb9fa9e5011d37b8d2354f1fa468d31708ab5b1453089bc78f27278f6d
Size: 30.78 kB - unbound-devel-1.16.2-3.el9.x86_64.rpm
MD5: 18130a698e7b9a780de1487e11414d8e
SHA-256: d6682d93800015aeef1de1b0ed5180ed76d70bf0f7d1b23006cdb0fbce700453
Size: 30.75 kB - unbound-libs-1.16.2-3.el9.i686.rpm
MD5: fd0770bd4ffe5e0f49b3eed7e15b247f
SHA-256: 507ce7c9fef6ae59f6276f604d8d6848ca2d6e57b6a7353ad796878e6bc2ffff
Size: 572.02 kB - unbound-libs-1.16.2-3.el9.x86_64.rpm
MD5: a8ae74b770d70d6749c2aade3d27b96b
SHA-256: 43d3c84e9cc391348c389c69f9572e808a95dfffac22a82f714147c7e6a168ed
Size: 547.49 kB