bind-9.11.36-14.el8, dhcp-4.3.6-50.el8

エラータID: AXSA:2024-8332:03

リリース日: 
2024/06/17 Monday - 22:02
題名: 
bind-9.11.36-14.el8, dhcp-4.3.6-50.el8
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- BIND の named には、リモートの攻撃者により、非常に
長くなるように細工されたクエリの送信を介して、サービス
拒否攻撃 (CPU リソースの枯渇) を可能とする脆弱性が存在
します。(CVE-2023-4408)

- BIND の DNSSEC の処理には、多数の DNSKEY および
RRSIG レコードを持つゾーンが存在している場合、リモート
の攻撃者により、細工された DNSSEC 応答の受信を介して、
サービス拒否攻撃 (CPU リソースの枯渇) を可能とする脆弱性
が存在します。(CVE-2023-50387)

- BIND の最近接名の解決機能には、リモートの攻撃者に
より、DNSSEC 署名ゾーンの NSEC3 レコードを含む応答
を DNSSEC リゾルバーに引き渡すことを介して、サービス
拒否攻撃 (CPU リソースの枯渇) を可能とする脆弱性が存在
します。(CVE-2023-50868)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-4408
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. bind-9.11.36-14.el8.src.rpm
    MD5: f9379f9dcc3fcb536416c4265f02c9d2
    SHA-256: 31ad6532576a52ba3158e83b20686391b4718b268c3f6c8e8efbe06d718f3eee
    Size: 8.19 MB
  2. dhcp-4.3.6-50.el8.src.rpm
    MD5: eb457066a4842c313ec7264df19711be
    SHA-256: 071960f0c5c9a59a9e2dd700a0328369a3b52019de9af89ad898017403988acd
    Size: 9.91 MB

Asianux Server 8 for x86_64
  1. bind-9.11.36-14.el8.x86_64.rpm
    MD5: efaad769f37d31f62c19415cf6f8d5fb
    SHA-256: 82f2ca1341a6ee3adf1ab42c6846898c1223118ffb2dd8d24ccef199cf01912a
    Size: 2.13 MB
  2. bind-chroot-9.11.36-14.el8.x86_64.rpm
    MD5: c165285a1c8ff77415b14ca80afdd2ce
    SHA-256: ecabd29553ec2ac9064a42ab54694e090aec69fd356b359d4c12a648b8a0a986
    Size: 105.58 kB
  3. bind-devel-9.11.36-14.el8.i686.rpm
    MD5: 37ecfc6d2e91c4c832bf07f6f484fce4
    SHA-256: e7dd245a21408fe7753dae81d292350fdebdfb9845439dbb8ceae63f73f6974b
    Size: 178.13 kB
  4. bind-devel-9.11.36-14.el8.x86_64.rpm
    MD5: 8b70cd74e243b4e37b69367d311cb199
    SHA-256: eb86b787bac44f64d4506407f872c101750230918b0baa9ebc8da5ba8ba3cf50
    Size: 178.11 kB
  5. bind-export-devel-9.11.36-14.el8.i686.rpm
    MD5: dc19cfa7d53a46e62815bcbecdc777d3
    SHA-256: e31d5d0df6f016d84c9785965466b153a2a189129fb491a58034b511dd55c4cc
    Size: 407.55 kB
  6. bind-export-devel-9.11.36-14.el8.x86_64.rpm
    MD5: 0320de4320b43fb86a76a06e1c859aee
    SHA-256: f59e16c761bc86984b9de261b8ee9dc864bb76691ef96f48d52afbc7eb83224e
    Size: 407.52 kB
  7. bind-export-libs-9.11.36-14.el8.i686.rpm
    MD5: 7dc3dce201d68d84df42eaa9763a23f1
    SHA-256: 17a94c7239cdfaf4a8e2858243b64e7bc8198cfb95bd5113398ca4f588ee12db
    Size: 1.21 MB
  8. bind-export-libs-9.11.36-14.el8.x86_64.rpm
    MD5: d2b54b77f9794488a3e5ef8aa346a89d
    SHA-256: ec0a8080f17976c44dc2b1b38219652168cd8602fdcc14c917f82af5f6292063
    Size: 1.14 MB
  9. bind-libs-9.11.36-14.el8.i686.rpm
    MD5: d62bb3551a7fd070f8f158f97d60c0f5
    SHA-256: 563e5f736ea3329aa3cbc7724f33a70ffee37ca4919c83f998d9ee04a3198609
    Size: 180.64 kB
  10. bind-libs-9.11.36-14.el8.x86_64.rpm
    MD5: c0f3018fc1f93345562a43cfb63877f5
    SHA-256: 27650403c7fc297e3885fd2b56503752529c4befde1cd144c2055b19ec0676d8
    Size: 175.08 kB
  11. bind-libs-lite-9.11.36-14.el8.i686.rpm
    MD5: 619f319e4ccd4d8e28e118ac609d52d0
    SHA-256: 009340e3a6ea01887d8cd248c6f942b071300d1e997dae4aeadad3e2c11af77d
    Size: 1.27 MB
  12. bind-libs-lite-9.11.36-14.el8.x86_64.rpm
    MD5: d9d9ab296d634aecb5551b1ca4009f52
    SHA-256: 030dc8098475f18e0b73d97cd55606b4230addede9b841ae88972d634cd910c6
    Size: 1.19 MB
  13. bind-license-9.11.36-14.el8.noarch.rpm
    MD5: 2e932c5283e54e4fad778334c4c71dc7
    SHA-256: e22063a65f1bffd83cf51e7e996460c636b40c8484af3128f3c1f7667e14ef4f
    Size: 103.47 kB
  14. bind-lite-devel-9.11.36-14.el8.i686.rpm
    MD5: 1cfbe191f677ff4e6c097beaa74873b1
    SHA-256: 7b5f63068f868b3177aa1b1a274a72fddbd6e393612baf6d83c444dfd9fa68a4
    Size: 400.77 kB
  15. bind-lite-devel-9.11.36-14.el8.x86_64.rpm
    MD5: 04de27c4385b42e66b711e29aa699ca5
    SHA-256: 26d7d94bed72786c1f08abc0ab84af63b9f84e7b577080006fddbcffdc8a2872
    Size: 400.79 kB
  16. bind-pkcs11-9.11.36-14.el8.x86_64.rpm
    MD5: 70dd06659a3c0c8912e97cafcc8b0124
    SHA-256: 13a3c733f0ff53f005b55f577a73d5d2a6ce1819be18c0e66afb31b93528bff5
    Size: 398.83 kB
  17. bind-pkcs11-devel-9.11.36-14.el8.i686.rpm
    MD5: 203a57dde1e236e24448b04172b6945c
    SHA-256: 58d09588099536888ca11ff7cbf5d7998e5f59bc9439c876d0bdacb776fe2417
    Size: 115.68 kB
  18. bind-pkcs11-devel-9.11.36-14.el8.x86_64.rpm
    MD5: 47d2ac011644a1b8650ec5f542c39a7d
    SHA-256: f437de3dacec7fb86c1aee9a999198c74a826561bb635db8a4eabc368f205662
    Size: 115.67 kB
  19. bind-pkcs11-libs-9.11.36-14.el8.i686.rpm
    MD5: 835cb1e99940e205b09a2a88ee5b357e
    SHA-256: 88b0e08463fa047cb1fc1a72eeec653bbd85ec623fcfd1d370f970410442894f
    Size: 1.21 MB
  20. bind-pkcs11-libs-9.11.36-14.el8.x86_64.rpm
    MD5: c01f1a4392dc34b8937ed826081ea1b1
    SHA-256: fdcac293351690f71a3866cc6280ce3e7b08d377b951df93812d62e4d275c0e6
    Size: 1.13 MB
  21. bind-pkcs11-utils-9.11.36-14.el8.x86_64.rpm
    MD5: c5f52c29a13b3b695faf6413f57a093f
    SHA-256: 2b0501458a680a84d35a7a7e78a8737daac5fc5d1b9b3435202213ae60e29bd8
    Size: 260.58 kB
  22. bind-sdb-9.11.36-14.el8.x86_64.rpm
    MD5: 065a6066fd3836d34ec033aea13edfaf
    SHA-256: 781a00da6571c6356bd73e05f45604c95e5e7f806f3a5d4e5d7fc28c69b359d8
    Size: 458.82 kB
  23. bind-sdb-chroot-9.11.36-14.el8.x86_64.rpm
    MD5: ffcb56748e1e52b6afe2aca4bfd51aad
    SHA-256: bc5778aa764c4df7e3dd6cf1231972dbbfb92f6c8ffa13192209a71e2876cbc1
    Size: 105.21 kB
  24. bind-utils-9.11.36-14.el8.x86_64.rpm
    MD5: e53d85414448b91d532f7df2be1c8bbd
    SHA-256: da888783abe298ee96b0676604d9aa6a8efe3c7511e27befed73cd1ad1062afc
    Size: 452.00 kB
  25. dhcp-client-4.3.6-50.el8.x86_64.rpm
    MD5: 55b6f793893be4a96aea3284b92a8f8b
    SHA-256: 466ee677ede90ea65b3e0a18e1035f26892b4daefaf3a8238294f965ca3ea4b9
    Size: 317.29 kB
  26. dhcp-common-4.3.6-50.el8.noarch.rpm
    MD5: 7d8e6e0a01e5601ae545b25097e41da7
    SHA-256: 2aba9bf58008ede1a898be7365df1f606f95c6afca8d5f7b25d1ed2fb6d55eee
    Size: 206.39 kB
  27. dhcp-libs-4.3.6-50.el8.i686.rpm
    MD5: 9994da3f23ef244f6ef3bbe5ec344925
    SHA-256: 6875831284bd4990b60a1806a0c268b03d0aab3dc9ed5d0667e2898fa03794c0
    Size: 152.35 kB
  28. dhcp-libs-4.3.6-50.el8.x86_64.rpm
    MD5: fbe32e81526ab284d7048b2ea7547e96
    SHA-256: 5c4433938b484aaa0f108360a2f52f3b3a667b85ec87ea246fb5c1612205ab78
    Size: 147.02 kB
  29. dhcp-relay-4.3.6-50.el8.x86_64.rpm
    MD5: 3b883c3b26e8cb40a5e822bb1391406d
    SHA-256: ec1510d983323a8523170f3e199772b7ba5bcda5af0c38760d9283ac05255692
    Size: 235.74 kB
  30. dhcp-server-4.3.6-50.el8.x86_64.rpm
    MD5: ded181c6cdf0850633db602bba0b04bc
    SHA-256: f3b10e8f02bb43e137274c32831199e22c49c9a27b0bb063034359abbe69eb07
    Size: 529.23 kB
  31. python3-bind-9.11.36-14.el8.noarch.rpm
    MD5: a85e04dd0bacc56d971170f4c70c38ef
    SHA-256: ad822b077e5fdde87d89695e43398edbea77955967f07f23e6cb45223746cd8c
    Size: 150.74 kB