bind-dyndb-ldap-11.1-7.el7.1, bind-9.11.4-26.P2.16.0.1.el7.AXS7, dhcp-4.2.5-83.2.0.1.el7.AXS7

エラータID: AXSA:2024-8142:01

リリース日: 
2024/06/11 Tuesday - 18:23
題名: 
bind-dyndb-ldap-11.1-7.el7.1, bind-9.11.4-26.P2.16.0.1.el7.AXS7, dhcp-4.2.5-83.2.0.1.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Bind-dyndb-ldap provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
* bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-4408
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. bind-dyndb-ldap-11.1-7.el7.1.src.rpm
    MD5: 458f970d6b4340a9f23271948782f5dd
    SHA-256: 3d943a4f961ecbf45914918c90072ec263e88ed11996c704b5a6b2e9e8029efe
    Size: 381.32 kB
  2. bind-9.11.4-26.P2.16.0.1.el7.AXS7.src.rpm
    MD5: b77da325c1c7ad2d06e26b89342d9930
    SHA-256: d35026b150c9f576ffab76edddb2f228eca5cd19842d2823b5087492e4d6bcc3
    Size: 9.41 MB
  3. dhcp-4.2.5-83.2.0.1.el7.AXS7.src.rpm
    MD5: 54c8b3be122c8da5a1f56e28bb70ae80
    SHA-256: 872f5733376a32448d94405dab1b2fc9ec4d24d1758d077c1c037ed5dded6c99
    Size: 8.12 MB

Asianux Server 7 for x86_64
  1. bind-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 3a9d9b2ea6c873e7a5900a4de90b7a3e
    SHA-256: 044c97ecb4ab07ca614a3d0f53abe86dc37de6ad5c0075fe7a1b561c12d3939f
    Size: 2.32 MB
  2. bind-chroot-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 49ebc8f9caf39d31edfd5470cf54ac69
    SHA-256: 1e99d8d81ee08e46b80c4e0a95492f0c683d5763b1e3a359e728a3549683d2e1
    Size: 93.34 kB
  3. bind-dyndb-ldap-11.1-7.el7.1.x86_64.rpm
    MD5: dba7bb6ace32f2a50e8b1a320125613e
    SHA-256: e05609a289393499e21d0cb7ac65272599a274b72d997d9cc301ff6dc6033bb1
    Size: 120.46 kB
  4. bind-export-devel-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: ea47afdbb2938b857619bda5192c4c0d
    SHA-256: bcc079274ce43cf2ebcabe7142220246b59abe2bc5a9f8160abe37fb33c798a7
    Size: 390.20 kB
  5. bind-export-libs-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: d7f47d738811ce31101470698e7e7009
    SHA-256: 1501ad97e60af347325859f30dee88b8cd7796c6e415138dc6ee0d523c5a334c
    Size: 1.08 MB
  6. bind-export-libs-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 8d32ce6469832ef680caabcb8a731f8e
    SHA-256: 32a3771002d214c99017f32b9ca5cc4ceff70c96c533253655dde7301361925c
    Size: 1.10 MB
  7. bind-libs-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: c5735a1b9da50f06201e2db1e33a518b
    SHA-256: d0419f9c4fd9d56596e0c1be7c1e797118881a19edd5d3a8df669438d457f632
    Size: 157.05 kB
  8. bind-libs-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 49b604536a236976557599d88d1bf0e0
    SHA-256: a7d5af406cfb04562bc49c55fc5616396a25c3770c39201243cb3e1efb777aa1
    Size: 157.92 kB
  9. bind-libs-lite-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: 183346a67c192707d33451c35ff550ec
    SHA-256: 4ba8c92b926f528b883a0a0e2332d3c62f72fb47cec49662cdfe139aa0e75860
    Size: 1.11 MB
  10. bind-libs-lite-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 76dd7ace5e93dc09a5baaffb24b564a8
    SHA-256: 9625854038c330d5b302eedb58350a4cd925b2710bef1fe30d2e109467612fa5
    Size: 1.13 MB
  11. bind-license-9.11.4-26.P2.16.0.1.el7.AXS7.noarch.rpm
    MD5: 37e51b517769223b8d4d551cf3f891ba
    SHA-256: 32b56a4de3e21f119cf7d70732136fdbcf7a9354b12f5e9deef96ef9ad687b17
    Size: 91.57 kB
  12. bind-pkcs11-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 8eabd26bd4d0098c7c837c4a7706ae69
    SHA-256: 2cc1ca5a98eeafec478b1187410986c563d926364195973b3d6d254f9b4fd1db
    Size: 362.70 kB
  13. bind-pkcs11-libs-9.11.4-26.P2.16.0.1.el7.AXS7.i686.rpm
    MD5: 59421ba6178fc06b6d496e0675ca9376
    SHA-256: 446bf585295a686c8fd5c86acf275ea9b85c0f45150817dfb24bf5280415d3c5
    Size: 1.06 MB
  14. bind-pkcs11-libs-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 58ba4d7cd5631b249557c16203981087
    SHA-256: 278b5e1644f5bd737ea02433603ca1983c536b40010aef701caa6670489756d9
    Size: 1.08 MB
  15. bind-pkcs11-utils-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: 66b12ecf48016b7e0eeb03ad063ba175
    SHA-256: 43f6f2cb9c70d11fd5b222c5ef6f8097f30f695a5ca10ea1d0a6f1b924bb91ed
    Size: 209.97 kB
  16. bind-utils-9.11.4-26.P2.16.0.1.el7.AXS7.x86_64.rpm
    MD5: da513e6a867ebbb33db2c24e1bec93f1
    SHA-256: 7cc32801d6ceb8201456a48b6473948240e4646a55311adb0b766819104a8bb0
    Size: 261.43 kB
  17. dhclient-4.2.5-83.2.0.1.el7.AXS7.x86_64.rpm
    MD5: 9a315ccd33685b1d6b9580b66753c649
    SHA-256: 001a387fa4a5e67f4fec2429a11b66f1b832031d565d69483893163138bf3aaf
    Size: 285.37 kB
  18. dhcp-4.2.5-83.2.0.1.el7.AXS7.x86_64.rpm
    MD5: c47444868f98f58c53d72aebebeaec4b
    SHA-256: 89cc1b434130a53d28d6b6b83cb7271b08a632623e4757553d1fd291f6432102
    Size: 514.25 kB
  19. dhcp-common-4.2.5-83.2.0.1.el7.AXS7.x86_64.rpm
    MD5: d94ac833a0ab6047d380dbd1fd984720
    SHA-256: 0538dc9e86049dc80d263328bba37ba8c7c0e5342fc87087aa1572b02b9a7581
    Size: 175.78 kB
  20. dhcp-libs-4.2.5-83.2.0.1.el7.AXS7.i686.rpm
    MD5: 2c20b38b3830b8806b6870a9ffd74e46
    SHA-256: f9374a74986a55bfc9ddca73dfd8281acb8f9a0608325258970dc7f1a827f30d
    Size: 132.29 kB
  21. dhcp-libs-4.2.5-83.2.0.1.el7.AXS7.x86_64.rpm
    MD5: c4e4c1fc11c01431e575c6b8c11fa525
    SHA-256: 2ea38369351b53b6b2985dfa0ab284b109a315006e19a5a15deafe289f2a11bd
    Size: 132.47 kB