python-dns-1.15.0-12.el8
エラータID: AXSA:2024-8211:01
リリース日:
2024/06/15 Saturday - 01:15
題名:
python-dns-1.15.0-12.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- python-dns には、名前解決の対象のサーバーからの有効な
パケットの受信を待機するための仕組みが欠落しているため、
リモートの攻撃者により、DNS 応答が返される前に DNS
応答として返される IP アドレスとポート番号から無効な
パケットを送信することを介して、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2023-29483)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
追加情報:
N/A
ダウンロード:
SRPMS
- python-dns-1.15.0-12.el8.src.rpm
MD5: 9db9395cf13f1d1f50f9d14f584faa1d
SHA-256: 825ad9154f6e2f61a80b3c168085cb57e641f5128af5039b340d458c450a8876
Size: 169.62 kB
Asianux Server 8 for x86_64
- python3-dns-1.15.0-12.el8.noarch.rpm
MD5: 71f96d2405ae2f80a312f8642273bb6a
SHA-256: fdf7dfc0b6c05625714e99b16da723bd8f862a7622420751c884b24063fbc939
Size: 252.25 kB