bind9.16-9.16.23-0.16.el8_9.2.ML.1
Errata ID: AXSA:2024-7685:01
The following items have been addressed.
[Security Fix]
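- named in BIND contains a vulnerability that allows a remote attacker to cause a denial of service (CPU resource exhaustion) by sending queries crafted to be extremely long. (CVE-2023-4408)
- The DNSSEC processing in BIND contains a vulnerability that, when a zone with many DNSKEY and RRSIG records exists, allows a remote attacker to cause a denial of service (CPU resource exhaustion) through the receipt of crafted DNSSEC responses. (CVE-2023-50387)
- The closest encloser resolution in BIND contains a vulnerability that allows a remote attacker to cause a denial of service (CPU resource exhaustion) by passing responses containing NSEC3 records of a DNSSEC-signed zone to a DNSSEC resolver. (CVE-2023-50868)
- named in BIND has an issue where an assertion fails when nxdomain-redirect is configured, which allows a remote attacker to cause a denial of service by sending queries for the PTR records used in RFC 1918 reverse lookups. (CVE-2023-5517)
- named in BIND has an issue where an assertion fails because of a conflict between the DNS64 and serve-stale settings, which allows a remote attacker to cause a denial of service (crash). (CVE-2023-5679)
- named in BIND has an issue where cache database cleanup is not performed properly, which allows a remote attacker to cause a denial of service (memory exhaustion) by issuing a continuous series of crafted queries. (CVE-2023-6516)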
Update the packages.
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
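An added example (not part of the advisory or of BIND's code): the RFC 5155 hash that a validator has to repeat for the NSEC3 issue, a simplified count of SHA-1 calls for one query name, and a check of a zone's NSEC3PARAM against the RFC 9276 guidance. The function names and the cost model (one hash per candidate ancestor name) are assumptions made for illustration.

```python
import base64
import hashlib

# Standard base32 alphabet -> base32hex alphabet (RFC 4648), used for NSEC3 owner labels.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name: str) -> bytes:
    """Canonical (lowercase) DNS wire format of an absolute name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: one initial SHA-1 plus `iterations` additional rounds."""
    salt = bytes.fromhex(salt_hex) if salt_hex != "-" else b""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode().lower()

def closest_encloser_candidates(qname: str, zone: str) -> list:
    """Names a validator may have to hash: qname and each ancestor down to the apex."""
    labels = qname.rstrip(".").split(".")
    zone_depth = len(zone.rstrip(".").split("."))
    return [".".join(labels[i:]) for i in range(len(labels) - zone_depth + 1)]

def sha1_cost(qname: str, zone: str, iterations: int) -> int:
    """Simplified model (assumption): every candidate name is hashed once."""
    return len(closest_encloser_candidates(qname, zone)) * (iterations + 1)

def audit_nsec3param(rdata: str) -> list:
    """Flag NSEC3PARAM rdata ('alg flags iterations salt') that departs from RFC 9276."""
    _alg, _flags, iterations, salt = rdata.split()
    findings = []
    if int(iterations) != 0:
        findings.append(f"iterations={iterations}, RFC 9276 recommends 0")
    if salt != "-":
        findings.append("salt present, RFC 9276 recommends none")
    return findings

if __name__ == "__main__":
    # Constructed sample values; "example" / aabbccdd / 12 are the RFC 5155 Appendix A parameters.
    print(nsec3_hash("example", "aabbccdd", 12))
    print(sha1_cost("a.b.c.example", "example", 150), "SHA-1 calls vs",
          sha1_cost("a.b.c.example", "example", 0))
    print(audit_nsec3param("1 0 12 aabbccdd"))
```

Running `audit_nsec3param` over the NSEC3PARAM rdata of the zones you sign shows which ones still impose extra iterations or a salt on validating resolvers.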
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.
N/A
SRPMS
- bind9.16-9.16.23-0.16.el8_9.2.ML.1.src.rpm
Size: 5.09 MB
Asianux Server 8 for x86_64
- bind9.16-9.16.23-0.16.el8_9.2.ML.1.x86_64.rpm
Size: 603.45 kB
- bind9.16-chroot-9.16.23-0.16.el8_9.2.ML.1.x86_64.rpm
Size: 111.32 kB
- bind9.16-devel-9.16.23-0.16.el8_9.2.ML.1.i686.rpm
Size: 426.99 kB
- bind9.16-devel-9.16.23-0.16.el8_9.2.ML.1.x86_64.rpm
Size: 426.95 kB
- bind9.16-dnssec-utils-9.16.23-0.16.el8_9.2.ML.1.x86_64.rpm
Size: 244.58 kB
- bind9.16-doc-9.16.23-0.16.el8_9.2.ML.1.noarch.rpm
Size: 3.67 MB
- bind9.16-libs-9.16.23-0.16.el8_9.2.ML.1.i686.rpm
Size: 1.45 MB
- bind9.16-libs-9.16.23-0.16.el8_9.2.ML.1.x86_64.rpm
Size: 1.36 MB
- bind9.16-license-9.16.23-0.16.el8_9.2.ML.1.noarch.rpm
Size: 107.63 kB
- bind9.16-utils-9.16.23-0.16.el8_9.2.ML.1.x86_64.rpm
Size: 289.65 kB
- python3-bind9.16-9.16.23-0.16.el8_9.2.ML.1.noarch.rpm
Size: 155.93 kB