unbound-1.6.6-5.0.1.el7.AXS7
エラータID: AXSA:2024-8714:05
リリース日:
2024/08/26 Monday - 18:07
題名:
unbound-1.6.6-5.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- BIND の DNSSEC の処理には、多数の DNSKEY および
RRSIG レコードを持つゾーンが存在している場合、
リモートの攻撃者により、細工された DNSSEC 応答の
受信を介して、サービス拒否攻撃 (CPU リソースの枯渇)
を可能とする脆弱性が存在します。(CVE-2023-50387)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- unbound-1.6.6-5.0.1.el7.AXS7.x86_64.rpm
MD5: 60c66279adac1f35a3c061348b1154af
SHA-256: 43d03c5bbb5cb8970eed88dc11a576c48d96ce07882bd6fd5946056509ace947
Size: 683.18 kB - unbound-libs-1.6.6-5.0.1.el7.AXS7.i686.rpm
MD5: 1415c1559d06f7d8e996efc779da7647
SHA-256: 82012b591f6fcd663688f98aad4e31f437480da394cee27559b168d6cef1d21f
Size: 397.55 kB - unbound-libs-1.6.6-5.0.1.el7.AXS7.x86_64.rpm
MD5: e6643ec0b19b964d40c2f66da4da7aa0
SHA-256: 44b132e430969df5da2bac8ee0416c5030138e1594b4d705a358f4cb64f307af
Size: 407.06 kB