bind9.16-9.16.23-0.22.el8_10
エラータID: AXSA:2024-8665:02
リリース日:
2024/08/15 Thursday - 16:05
題名:
bind9.16-9.16.23-0.22.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- BIND には、大量のリソースレコードを持つホストへの
レコードの追加や更新時に、リゾルバキャッシュや権限
ゾーンデータベースのアクセス速度が意図せず低下して
しまう問題があるため、リモートの攻撃者により、
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2024-1737)
- BIND には、"KEY" リソースレコードを含むゾーンを
管理している場合、もしくは DNSSEC 検証機能を用いて
"KEY" リソースレコードを検証する場合に、リモートの
攻撃者により、SIG(0) 署名が含まれるように細工された
リクエストの送信を介して、サービス拒否攻撃 (CPU
リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2024-1975)
- BIND には、アサーションに失敗する問題があるため、
リモートの攻撃者により、DNSクエリを介して、
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2024-4076)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-1737
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-1975
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
追加情報:
N/A
ダウンロード:
SRPMS
- bind9.16-9.16.23-0.22.el8_10.src.rpm
MD5: f1a09f563832ac3017c529ef55e8cf65
SHA-256: 24923d4af4c542d7800afce5da189af8c203eea6bcb8bafd0d0a8e47e0362109
Size: 5.15 MB
Asianux Server 8 for x86_64
- bind9.16-9.16.23-0.22.el8_10.x86_64.rpm
MD5: 6a985b0b73080c27be92374e3bf7ab25
SHA-256: 5b6a264167c66cc184279a35e6efda28f513c431f061f6f7254aa5ee1f5541ba
Size: 604.23 kB - bind9.16-chroot-9.16.23-0.22.el8_10.x86_64.rpm
MD5: be597024a05375c096f62d1e44c0b253
SHA-256: d3cf746f905488e46aacb9da5e8b2f23885594d0b96783a31d0ca35e66df98cd
Size: 111.96 kB - bind9.16-devel-9.16.23-0.22.el8_10.i686.rpm
MD5: cae71d98985a5fafa2d692a5f3166bb0
SHA-256: 5143ec356ec9eaf47a0d4e861186f53a491f4263d1b744cec69b165e4a68f605
Size: 427.91 kB - bind9.16-devel-9.16.23-0.22.el8_10.x86_64.rpm
MD5: f5195a9f74379bb8604ea18cbc1cfcfe
SHA-256: 8bb0a78dfcc69c9cf033f2dbd9dafce8107c93315f4f82bfc8c0c6e67107221c
Size: 427.88 kB - bind9.16-dnssec-utils-9.16.23-0.22.el8_10.x86_64.rpm
MD5: 570471a6d7cdcfc69a558a05d4d14bc5
SHA-256: 083d62d08df725356f7f811829732d9d524360a24ab4aecc6076ee6f49a8dbe9
Size: 245.21 kB - bind9.16-doc-9.16.23-0.22.el8_10.noarch.rpm
MD5: f32c12d3fa2589bddbb2036fbbbe63f2
SHA-256: bcf2acddefc64a47bfc0fb2e22448508e1ef655fd023e6dbe069d519ae4260b5
Size: 3.67 MB - bind9.16-libs-9.16.23-0.22.el8_10.i686.rpm
MD5: 8ffd03272cf68c2d137a943f889af407
SHA-256: e1e3ee191818c55eed594972999cc5b9ddfba235345df14d15506bfe33b7b621
Size: 1.46 MB - bind9.16-libs-9.16.23-0.22.el8_10.x86_64.rpm
MD5: e304e7667a390bc8229ef421a4335305
SHA-256: d4c6f73b696940f5c1aae0204c3c045e0db2609b4c3d811ecaddb71cb4e299ee
Size: 1.36 MB - bind9.16-license-9.16.23-0.22.el8_10.noarch.rpm
MD5: 78e825f878620df6870b986e5912987c
SHA-256: 47768b9470b0520308bba4b22d1b315d04f58200b858e042e86daa946683a44c
Size: 108.20 kB - bind9.16-utils-9.16.23-0.22.el8_10.x86_64.rpm
MD5: feb8c14cffd6626bbbb833efdd152ead
SHA-256: 1be545c9d2758ae3d484a6f193e4b445c237f136db561d48f5e8fc4942a7920f
Size: 290.27 kB - python3-bind9.16-9.16.23-0.22.el8_10.noarch.rpm
MD5: 157ebdfddf8f898eeb12845219704e11
SHA-256: 5af27b7513b5742080976c6a3591e51731901d932dfe105991e7d206cbbd37a2
Size: 156.49 kB
English