bind-9.11.4-26.P2.14.0.1.el7.AXS7
エラータID: AXSA:2023-6247:08
リリース日:
2023/07/20 Thursday - 06:52
題名:
bind-9.11.4-26.P2.14.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- BIND には、キャッシュクリーニングアルゴリズムの有効性が著しく
低下してしまう問題があるため、リモートの攻撃者により、特定の
リソースレコードセットを特定の順番でリゾルバに問い合わせること
を介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-2828)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-2828
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
追加情報:
N/A
ダウンロード:
SRPMS
- bind-9.11.4-26.P2.14.0.1.el7.AXS7.src.rpm
MD5: 4e36be916d69cfa621773e51b913ae15
SHA-256: aaa86ed8af1a8063afbb18150422038cacebe2dd00e2894104fe95a5f6843a38
Size: 9.38 MB
Asianux Server 7 for x86_64
- bind-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: cf553c6b7bae442c6ebed73b681ed783
SHA-256: afa38ba45714907bb2dcc378e15f2df5aed8818995d60fab1d6f02e123903c4e
Size: 2.32 MB - bind-chroot-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: 983264402260b308769edebd6cb983ed
SHA-256: 5db9928c191c135da52f297d41c40e272ff93a61b7fd13e8c8d863f88ab91306
Size: 92.90 kB - bind-export-devel-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: 224530b0614d0171a32933ee373cff01
SHA-256: cfec97542e33ff5ec989f869ad7a59b18f08ffcb15acd6d5146b9dd4c2bfa761
Size: 389.44 kB - bind-export-libs-9.11.4-26.P2.14.0.1.el7.AXS7.i686.rpm
MD5: 674b8f2d16f35fc7b9ba117d93ce4087
SHA-256: 51e8936a5890a78fd4970e0e0d7c7152202519ea13462bfe2a193a0250dbdf2f
Size: 1.08 MB - bind-export-libs-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: ff4c7986df2a6598c73c207f71142db2
SHA-256: 4bbb74d94ce773f8ac1f5293ce4f13d95019c0fd577cf62988b144675249aec8
Size: 1.09 MB - bind-libs-9.11.4-26.P2.14.0.1.el7.AXS7.i686.rpm
MD5: 65b54214e4ea6f7badeab71506ad1673
SHA-256: aa99be06e6d30d8d085713d72189a676fdb58efb4c5014c4488c7ec30cfef9fb
Size: 156.62 kB - bind-libs-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: bd65eae7edd3ee9221ee9f264f977401
SHA-256: 15bbef9d071549f0fd34ccf78973edae78918c39df7b486121aad9c84db2d605
Size: 157.38 kB - bind-libs-lite-9.11.4-26.P2.14.0.1.el7.AXS7.i686.rpm
MD5: 1e177a9777ef5e94875bed0cfb5ad2cf
SHA-256: 6eeb16cce312ec9d102839edb6c6f47a4eab50cd75a8fc06dcf047e6a8951837
Size: 1.11 MB - bind-libs-lite-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: 09c4ff3ff97cddc382164ce078d308d1
SHA-256: d038fb00b30de48cb77adc64ddf544e58c615020b8be799156ad2f5ad55f76bb
Size: 1.13 MB - bind-license-9.11.4-26.P2.14.0.1.el7.AXS7.noarch.rpm
MD5: da511d89c670eed5b74ed3b54be94a07
SHA-256: fff5e7a29b1fd6f0aea800f1efde74a0f74ee72974c21f02de7775b20b2aee3f
Size: 91.12 kB - bind-pkcs11-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: 849ff05797262c7855db9685ce18354a
SHA-256: 0d3f6fa68b21ae82a4edf54ab94758855c516cb6ff8fb1439b1f9d5640c15b98
Size: 362.24 kB - bind-pkcs11-libs-9.11.4-26.P2.14.0.1.el7.AXS7.i686.rpm
MD5: 0da8cc56978f1d82a9eb6e50c486bde8
SHA-256: 6be60a4c48cebbbc9cc57ed0c134e5d173b1eeef63eb744cadd6264fb331d66f
Size: 1.06 MB - bind-pkcs11-libs-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: 6c1ecd7844d927d203df11f0e6a43d7a
SHA-256: fb93d75dd32136d76fef571a16018891883bfea4c1768369dc2bfd971c994f90
Size: 1.07 MB - bind-pkcs11-utils-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: c62bc3e16a61ff63672b715e7bd3763b
SHA-256: 516c16009176e74abb67a21b31ccac12523b3a4f7098c787e18f6cd3d18c1bf4
Size: 209.55 kB - bind-utils-9.11.4-26.P2.14.0.1.el7.AXS7.x86_64.rpm
MD5: 0501b1e8414b65928e82167d3d6c6e69
SHA-256: 65186d1a153c6f994a4de042f3260dd76bf4d22a70e1ff3e4fc26f81987dcafb
Size: 260.98 kB