unbound-1.16.2-5.el8_9.2
Errata ID: AXSA:2024-7555:01
Release date:
2024/02/29 Thursday - 10:39
Title:
unbound-1.16.2-5.el8_9.2
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
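The following issues have been addressed.
[Security Fix]
- The DNSSEC processing in BIND contains a vulnerability that, when a
zone with a large number of DNSKEY and RRSIG records exists, allows a
remote attacker to cause a denial of service (CPU resource exhaustion)
via the receipt of crafted DNSSEC responses.
(CVE-2023-50387)
- The closest encloser resolution feature of BIND contains a
vulnerability that allows a remote attacker to cause a denial of
service (CPU resource exhaustion) by passing responses containing
NSEC3 records of a DNSSEC-signed zone to a DNSSEC resolver.
(CVE-2023-50868)
Solution:
Update the packages.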
CVE:
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
Additional information:
N/A
Downloads:
SRPMS
- unbound-1.16.2-5.el8_9.2.src.rpm
MD5: 2fde186a7050d9f39f767dfd68b79973
SHA-256: 1e018f109de3842be4c0c4aed819297cd47ef571dbb25d2c545b10c5ecd0dbd1
Size: 6.01 MB
Asianux Server 8 for x86_64
- python3-unbound-1.16.2-5.el8_9.2.x86_64.rpm
MD5: 9f6944836f660e21e240eaba6851100e
SHA-256: 49981b6219329bfd0b9e9786be00724d641c989e778238f6c180b87514a4d1f8
Size: 128.79 kB
- unbound-1.16.2-5.el8_9.2.x86_64.rpm
MD5: 52f4c8525f36fa16764d62cdb4bdfb5d
SHA-256: 2e745cc71e1fad980a0239fc321a6a4b4d9f11c73e0d5a52c0a2b1c5a3e3fea3
Size: 1.00 MB
- unbound-devel-1.16.2-5.el8_9.2.i686.rpm
MD5: bb80679cae28749011c29acca50381c6
SHA-256: 1b3212826e70139f02fa21a26f7a24d953dc0ad4e53e922a0d67153013939626
Size: 56.20 kB
- unbound-devel-1.16.2-5.el8_9.2.x86_64.rpm
MD5: e0462313635330725d40da0533470d69
SHA-256: 0d95b5a0b38bc814a0d85e486be76af922eb8e45a64fa9240506fa0d03b8671e
Size: 56.17 kB
- unbound-libs-1.16.2-5.el8_9.2.i686.rpm
MD5: 809d2026fbf623ba8ffc1ca29c4fbaf0
SHA-256: 26990c9d18f8c870629a79a33a944a6b5797efe5cb79e387aa4b0665e63c31f2
Size: 615.82 kB
- unbound-libs-1.16.2-5.el8_9.2.x86_64.rpm
MD5: d89ed48b1eb3bf1cba1265d837d92019
SHA-256: c5f8606e6df5865cce3a690dd81839be7b7bc51a7b5be08472f1ec6fc229f4a4
Size: 575.62 kB