bind-9.11.36-11.el8
エラータID: AXSA:2024-7362:01
リリース日:
2024/01/11 Thursday - 08:04
題名:
bind-9.11.36-11.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- BIND には、動的 DNS 更新メッセージ処理時のメモリ領域の確保
処理に起因してメモリ枯渇に至る問題があるため、リモートの攻撃者
により、大量の動的 DNS 更新メッセージの送信を介して、サービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2022-3094)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-3094
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
追加情報:
N/A
ダウンロード:
SRPMS
- bind-9.11.36-11.el8.src.rpm
MD5: 998f53642fcfdc20867d67ac09c54a3c
SHA-256: 19026494accfe3bcb06866a1ce21df1a4fe8b34077f3cd266f6b8edd2f936a1e
Size: 8.16 MB
Asianux Server 8 for x86_64
- bind-9.11.36-11.el8.x86_64.rpm
MD5: bac56e4709feea961d9119a624361715
SHA-256: 902e46ceabdc455472c090e452968c1adbaa7011d74e30e24f8dee7f0945aea1
Size: 2.13 MB - bind-chroot-9.11.36-11.el8.x86_64.rpm
MD5: f5c744e56540cef8131d656df3bc56bf
SHA-256: b2571563c4da32d48bd79fddc14fa6a954a4ec7dde77c189a65fa64552ca1af0
Size: 105.10 kB - bind-devel-9.11.36-11.el8.i686.rpm
MD5: 0c4489d3f2e5371a5a2e2ad4c988ef0f
SHA-256: 33ff7c8c75da9208c848903c2e3312f189de5a348d1330d7dee3d6c5df636528
Size: 177.63 kB - bind-devel-9.11.36-11.el8.x86_64.rpm
MD5: ede544801eb82f9806ead21af2d4e4f3
SHA-256: 359cced0cbf0fd9f33311436d054b59dd879281face77e97b4ecb037c457ae7f
Size: 177.63 kB - bind-export-devel-9.11.36-11.el8.i686.rpm
MD5: f93e9d0557748ea3aabed7dd41557f97
SHA-256: 51c337600073d37980145963dddb43b6a9370e329bce6185d209f8d923ebeb84
Size: 406.87 kB - bind-export-devel-9.11.36-11.el8.x86_64.rpm
MD5: d4ec742ec485939fc4bcafad5b8bb8bf
SHA-256: e710daa74488aa3952595d3dc68e01ea427703e579490f358a3c65b84dd404c8
Size: 406.89 kB - bind-export-libs-9.11.36-11.el8.i686.rpm
MD5: 486d1f756f0a0a1170af2c0dc1827c48
SHA-256: 356344f512071a9dddefad9cd09d273172563df9738ed8ba4a9a6f6d74206eb8
Size: 1.21 MB - bind-export-libs-9.11.36-11.el8.x86_64.rpm
MD5: 0054feb9aa8593e44cb84a189e240db4
SHA-256: 865ebed8c3659067fe60a78069d89afaae23791598d03f133989b9a88372a978
Size: 1.14 MB - bind-libs-9.11.36-11.el8.i686.rpm
MD5: 190eacd4e32ace5347d49d1dba6dcbbf
SHA-256: 0d619b3b6916a20fe51475dbda849e51279890de2ae2d8361d5f77fc6221c96d
Size: 180.20 kB - bind-libs-9.11.36-11.el8.x86_64.rpm
MD5: 1e84a200ef141defd1f22e2273bb8ae1
SHA-256: e354012e387e01a72b8951accaf9b947bad776eeee4a983eee634de7ab4e0630
Size: 174.71 kB - bind-libs-lite-9.11.36-11.el8.i686.rpm
MD5: 198c432cdfac68dc082bc00f61deb125
SHA-256: afd276f0079bd3a68a013af44cd8cc1fb558a6199c459e583a18ed59aab386b9
Size: 1.26 MB - bind-libs-lite-9.11.36-11.el8.x86_64.rpm
MD5: 6ba39df195f6e80283bcef2ff62c1f51
SHA-256: 3f260bdc6b1e50346308cfd1bba932a5c71afa6057a0e2d759fbc15d2260c178
Size: 1.18 MB - bind-license-9.11.36-11.el8.noarch.rpm
MD5: bfd4ba9264441db4fe5b4060c6782646
SHA-256: edcfc8563cc3185e2810c2196cfa2d641cb51dd3a27fd01c8baf1d8a3e50bbed
Size: 102.99 kB - bind-lite-devel-9.11.36-11.el8.i686.rpm
MD5: f4425e506793ec4b3b3adb5990a2d149
SHA-256: 9fe1c0a4217955a407a1de39c2089b0b9be67828f7c035062e2a3d80ed3c831a
Size: 400.15 kB - bind-lite-devel-9.11.36-11.el8.x86_64.rpm
MD5: f4161b1c91ad71bcc965eaa3720fd48d
SHA-256: 8b3d9b51b91210a302185b2de883c66e19a9b18b9b67d9dfe9db37a4820afbc4
Size: 400.14 kB - bind-pkcs11-9.11.36-11.el8.x86_64.rpm
MD5: 6a79f13344b4276400ea4167440d6eb5
SHA-256: 86d77b558eb3c5ab3828aeb1f2be87a73c2656e79dc70888f417061b125889c9
Size: 398.43 kB - bind-pkcs11-devel-9.11.36-11.el8.i686.rpm
MD5: 9222e3e9f07d8d51d0c2819e81e0ca9f
SHA-256: ad60bb1cacb32b3d8dc6141e4b90784174586e0f0375784cb0e79adbd0faaefb
Size: 115.20 kB - bind-pkcs11-devel-9.11.36-11.el8.x86_64.rpm
MD5: 688febd408932cac97f332356bad482d
SHA-256: 24817bf15e3029fd20ab1b70d13fcb26d325b94485e08bc79bef52d659f6fe3b
Size: 115.19 kB - bind-pkcs11-libs-9.11.36-11.el8.i686.rpm
MD5: 8bcadf2f09a39100a5b40fb2de70f343
SHA-256: 33556c76a4bb4d4db92773a323e93bdebac2c2be80c546519946a395ec17777c
Size: 1.21 MB - bind-pkcs11-libs-9.11.36-11.el8.x86_64.rpm
MD5: 9b14736fd50d34b58a42315a52f1bd00
SHA-256: 7074e65e77c06177db11e100d497ef9c55140b23ac486b4bb1f735f6c2342829
Size: 1.13 MB - bind-pkcs11-utils-9.11.36-11.el8.x86_64.rpm
MD5: 48c213811d8174f690736a3145d85a65
SHA-256: b51c05c50b2e3a87bfe6e953247c684f8d18c3ffa058fa142b8d40b677460213
Size: 260.20 kB - bind-sdb-9.11.36-11.el8.x86_64.rpm
MD5: b166f9555d7a62087f9af58b4c6122ee
SHA-256: 3723f57878febaf5919c56ca28196709e5a91020c38254f55eaf0850f5ffdc08
Size: 458.23 kB - bind-sdb-chroot-9.11.36-11.el8.x86_64.rpm
MD5: 7996233e3da9189c4b5e64c0ff329b07
SHA-256: eb0e8675dc5c6d2c15b4d12059d07cbe58515cfdbb94a659d797fd1a8af32d36
Size: 104.73 kB - bind-utils-9.11.36-11.el8.x86_64.rpm
MD5: 896a2a17a6770a3a93b0c9d2f0029cd5
SHA-256: 8ef177def039d391f5993c407ce598c1eaec9083e16ebfb2283e683dda8baab4
Size: 451.79 kB - python3-bind-9.11.36-11.el8.noarch.rpm
MD5: 27fed4c4af11a485aad0369df2ddb2fc
SHA-256: c7621253bade1fe94d5c1a91501a6325bbc291fc8f16d87f1a50c5ff8cddb4a0
Size: 150.26 kB
English