bind-dyndb-ldap-11.1-7.el7.1, bind-9.11.4-26.P2.16.0.1.el7.AXS7, dhcp-4.2.5-

エラータID: AXSA:2024-8142:01

2024/06/11 Tuesday - 18:23
bind-dyndb-ldap-11.1-7.el7.1, bind-9.11.4-26.P2.16.0.1.el7.AXS7, dhcp-4.2.5-
Asianux Server 7 for x86_64

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Bind-dyndb-ldap provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
* bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.


Update packages.




  1. bind-dyndb-ldap-11.1-7.el7.1.src.rpm
    MD5: 458f970d6b4340a9f23271948782f5dd
    SHA-256: 3d943a4f961ecbf45914918c90072ec263e88ed11996c704b5a6b2e9e8029efe
    Size: 381.32 kB
  2. bind-9.11.4-26.P2.16.0.1.el7.AXS7.src.rpm
    MD5: b77da325c1c7ad2d06e26b89342d9930
    SHA-256: d35026b150c9f576ffab76edddb2f228eca5cd19842d2823b5087492e4d6bcc3
    Size: 9.41 MB
  3. dhcp-4.2.5-
    MD5: 54c8b3be122c8da5a1f56e28bb70ae80
    SHA-256: 872f5733376a32448d94405dab1b2fc9ec4d24d1758d077c1c037ed5dded6c99
    Size: 8.12 MB

Asianux Server 7 for x86_64
  1. bind-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 3a9d9b2ea6c873e7a5900a4de90b7a3e
    SHA-256: 044c97ecb4ab07ca614a3d0f53abe86dc37de6ad5c0075fe7a1b561c12d3939f
    Size: 2.32 MB
  2. bind-chroot-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 49ebc8f9caf39d31edfd5470cf54ac69
    SHA-256: 1e99d8d81ee08e46b80c4e0a95492f0c683d5763b1e3a359e728a3549683d2e1
    Size: 93.34 kB
  3. bind-dyndb-ldap-11.1-7.el7.1.x86_64.rpm
    MD5: dba7bb6ace32f2a50e8b1a320125613e
    SHA-256: e05609a289393499e21d0cb7ac65272599a274b72d997d9cc301ff6dc6033bb1
    Size: 120.46 kB
  4. bind-export-devel-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: ea47afdbb2938b857619bda5192c4c0d
    SHA-256: bcc079274ce43cf2ebcabe7142220246b59abe2bc5a9f8160abe37fb33c798a7
    Size: 390.20 kB
  5. bind-export-libs-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: d7f47d738811ce31101470698e7e7009
    SHA-256: 1501ad97e60af347325859f30dee88b8cd7796c6e415138dc6ee0d523c5a334c
    Size: 1.08 MB
  6. bind-export-libs-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 8d32ce6469832ef680caabcb8a731f8e
    SHA-256: 32a3771002d214c99017f32b9ca5cc4ceff70c96c533253655dde7301361925c
    Size: 1.10 MB
  7. bind-libs-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: c5735a1b9da50f06201e2db1e33a518b
    SHA-256: d0419f9c4fd9d56596e0c1be7c1e797118881a19edd5d3a8df669438d457f632
    Size: 157.05 kB
  8. bind-libs-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 49b604536a236976557599d88d1bf0e0
    SHA-256: a7d5af406cfb04562bc49c55fc5616396a25c3770c39201243cb3e1efb777aa1
    Size: 157.92 kB
  9. bind-libs-lite-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: 183346a67c192707d33451c35ff550ec
    SHA-256: 4ba8c92b926f528b883a0a0e2332d3c62f72fb47cec49662cdfe139aa0e75860
    Size: 1.11 MB
  10. bind-libs-lite-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 76dd7ace5e93dc09a5baaffb24b564a8
    SHA-256: 9625854038c330d5b302eedb58350a4cd925b2710bef1fe30d2e109467612fa5
    Size: 1.13 MB
  11. bind-license-9.11.4-26.P2.16.0.1.el7.AXS7.noarch.rpm
    MD5: 37e51b517769223b8d4d551cf3f891ba
    SHA-256: 32b56a4de3e21f119cf7d70732136fdbcf7a9354b12f5e9deef96ef9ad687b17
    Size: 91.57 kB
  12. bind-pkcs11-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 8eabd26bd4d0098c7c837c4a7706ae69
    SHA-256: 2cc1ca5a98eeafec478b1187410986c563d926364195973b3d6d254f9b4fd1db
    Size: 362.70 kB
  13. bind-pkcs11-libs-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: 59421ba6178fc06b6d496e0675ca9376
    SHA-256: 446bf585295a686c8fd5c86acf275ea9b85c0f45150817dfb24bf5280415d3c5
    Size: 1.06 MB
  14. bind-pkcs11-libs-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 58ba4d7cd5631b249557c16203981087
    SHA-256: 278b5e1644f5bd737ea02433603ca1983c536b40010aef701caa6670489756d9
    Size: 1.08 MB
  15. bind-pkcs11-utils-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 66b12ecf48016b7e0eeb03ad063ba175
    SHA-256: 43f6f2cb9c70d11fd5b222c5ef6f8097f30f695a5ca10ea1d0a6f1b924bb91ed
    Size: 209.97 kB
  16. bind-utils-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: da513e6a867ebbb33db2c24e1bec93f1
    SHA-256: 7cc32801d6ceb8201456a48b6473948240e4646a55311adb0b766819104a8bb0
    Size: 261.43 kB
  17. dhclient-4.2.5-
    MD5: 9a315ccd33685b1d6b9580b66753c649
    SHA-256: 001a387fa4a5e67f4fec2429a11b66f1b832031d565d69483893163138bf3aaf
    Size: 285.37 kB
  18. dhcp-4.2.5-
    MD5: c47444868f98f58c53d72aebebeaec4b
    SHA-256: 89cc1b434130a53d28d6b6b83cb7271b08a632623e4757553d1fd291f6432102
    Size: 514.25 kB
  19. dhcp-common-4.2.5-
    MD5: d94ac833a0ab6047d380dbd1fd984720
    SHA-256: 0538dc9e86049dc80d263328bba37ba8c7c0e5342fc87087aa1572b02b9a7581
    Size: 175.78 kB
  20. dhcp-libs-4.2.5-
    MD5: 2c20b38b3830b8806b6870a9ffd74e46
    SHA-256: f9374a74986a55bfc9ddca73dfd8281acb8f9a0608325258970dc7f1a827f30d
    Size: 132.29 kB
  21. dhcp-libs-4.2.5-
    MD5: c4e4c1fc11c01431e575c6b8c11fa525
    SHA-256: 2ea38369351b53b6b2985dfa0ab284b109a315006e19a5a15deafe289f2a11bd
    Size: 132.47 kB