unbound-1.16.2-3.el9_3.1
エラータID: AXSA:2024-7557:02
リリース日:
2024/02/29 Thursday - 10:45
題名:
unbound-1.16.2-3.el9_3.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- BIND の DNSSEC の処理には、多数の DNSKEY および RRSIG
レコードを持つゾーンが存在している場合、リモートの攻撃者に
より、細工された DNSSEC 応答の受信を介して、サービス拒否
攻撃 (CPU リソースの枯渇) を可能とする脆弱性が存在します。
(CVE-2023-50387)
- BIND の最近接名の解決機能には、リモートの攻撃者により、
DNSSEC 署名ゾーンの NSEC3 レコードを含む応答を DNSSEC
リゾルバーに引き渡すことを介して、サービス拒否攻撃 (CPU
リソースの枯渇) を可能とする脆弱性が存在します。
(CVE-2023-50868)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
追加情報:
N/A
ダウンロード:
SRPMS
- unbound-1.16.2-3.el9_3.1.src.rpm
MD5: b1207c9c4ffc68eab2a81328c55e811f
SHA-256: 73832c03e1de2e0841f62d10ba518ba2f1634a121be90288dd6428a9ba85e205
Size: 6.00 MB
Asianux Server 9 for x86_64
- python3-unbound-1.16.2-3.el9_3.1.x86_64.rpm
MD5: c31d392bf25ab21999643f8e576ba675
SHA-256: 0cb91ded8c9a997b4ba56e4f7ab995a50ac449652a0a0e02ddb9c2e23f8522fa
Size: 104.97 kB - unbound-1.16.2-3.el9_3.1.x86_64.rpm
MD5: 39a900f79fd3ff547904e83653a92770
SHA-256: d30e1512794dec530345d337cf035e2ebaa44975ee419df7ec2efb0a761caa88
Size: 966.47 kB - unbound-devel-1.16.2-3.el9_3.1.i686.rpm
MD5: 9494cfc644d1043f4adcab131f334b54
SHA-256: 11483db6cadbf81e8a24c3588a376a39de8cb5692b110d4df0a0a3eeeca47faa
Size: 38.09 kB - unbound-devel-1.16.2-3.el9_3.1.x86_64.rpm
MD5: 4315efc7fd44a2ac8f87ba90f8975103
SHA-256: c6b8225fb9e58a4b219d940aa67956eb127257445092868d08dbca41851563ad
Size: 38.10 kB - unbound-libs-1.16.2-3.el9_3.1.i686.rpm
MD5: 79c0f778719352102ca0ef042e597870
SHA-256: 71023b4abd289f6c79fac6c4f3054d2b9884c6a806bb68b89391abfc05ab53ab
Size: 573.32 kB - unbound-libs-1.16.2-3.el9_3.1.x86_64.rpm
MD5: 3463fcf0bee7594c4b188c7021129fa0
SHA-256: 915d44ab795ddf30369bbad49923d64ac73add1d13baaefe3db51b99f5539713
Size: 547.51 kB