bind-9.11.4-26.P2.16.0.2.el7.AXS7
エラータID: AXSA:2024-8817:03
リリース日:
2024/09/20 Friday - 17:09
題名:
bind-9.11.4-26.P2.16.0.2.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- BIND には、大量のリソースレコードを持つホストへの
レコードの追加や更新時に、リゾルバキャッシュや権限
ゾーンデータベースのアクセス速度が意図せず低下して
しまう問題があるため、リモートの攻撃者により、
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2024-1737)
- BIND には、"KEY" リソースレコードを含むゾーンを
管理している場合、もしくは DNSSEC 検証機能を用いて
"KEY" リソースレコードを検証する場合に、リモートの
攻撃者により、SIG(0) 署名が含まれるように細工された
リクエストの送信を介して、サービス拒否攻撃 (CPU
リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2024-1975)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-1737
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2024-1975
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- bind-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: eceffe80db2572ce504f1cf9426c3965
SHA-256: 7b6845ab8f4ea898b40505e18c4a94b495e512f4b4eff7eeb3fd1f6d1350c178
Size: 2.32 MB - bind-chroot-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: fbe6033f7d82968a435413b831020fd4
SHA-256: 4d29fecc2218bcaa62e0561b2e51e3af648b577f414233035a15a224588a3e81
Size: 93.73 kB - bind-export-devel-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: 400e1dece211a7d5fa15c41d11518a39
SHA-256: fe420676917604f9480e51b13e1222853969b630db07a59242c61dca4c06e26f
Size: 390.59 kB - bind-export-libs-9.11.4-26.P2.16.0.2.el7.AXS7.i686.rpm
MD5: d30647c3eebdaed037bd786eaa87434f
SHA-256: be44e25dd728d22a8d5109e150627b93b5e9449bdfd205c23bdea21b9a09a870
Size: 1.08 MB - bind-export-libs-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: f8883dddf111c05c3b6bf10e2cebf8c9
SHA-256: a59398092ae07ec1baa0e489b7fe6da982a1c0b9ee80a0338128f44342f1f7c7
Size: 1.10 MB - bind-libs-9.11.4-26.P2.16.0.2.el7.AXS7.i686.rpm
MD5: 395f0ee4a0dca25084051454dc915ce7
SHA-256: 58fb99b20925f94380259a30e94363ab8612626c036d97e4219af86d97360890
Size: 157.41 kB - bind-libs-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: 7831df659d85848043bc00b4ca64914a
SHA-256: 25d1b026f231640bdd80ca8d51c7db629e433f19b8994789ed587bf57bf19d4e
Size: 158.32 kB - bind-libs-lite-9.11.4-26.P2.16.0.2.el7.AXS7.i686.rpm
MD5: e15d0b7f8f89b1b5e3e75b4ac63d2421
SHA-256: 8592af0c875223d34393b7bdb58c51eeed71659b708ddbdbdd8da9c38ad768ac
Size: 1.11 MB - bind-libs-lite-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: 101f844c39347363950747cd96f5b7ca
SHA-256: 076f28f31471db1784aee007ceb8205d13760218b264e23022562708a862e640
Size: 1.13 MB - bind-license-9.11.4-26.P2.16.0.2.el7.AXS7.noarch.rpm
MD5: 1db6a2e62de6606311a193602e11607f
SHA-256: 88b5089c8b733afa5dac1988a8e572a053748f15874e49e5e2e90ce121e6e2df
Size: 91.95 kB - bind-pkcs11-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: 8290edd2d44ba40c9014d45d5547e16e
SHA-256: 08ac5ef3418aaf5549dbabc4b6382863a38f0a0909abc34f9a69b1e58b327dce
Size: 363.21 kB - bind-pkcs11-libs-9.11.4-26.P2.16.0.2.el7.AXS7.i686.rpm
MD5: ce889dfe2b9aeed7c33811b00bfd1e6c
SHA-256: 918807fd2536f75c6f6ab116e9a2bc13ed4f098bbf9161abe94f600cf46ffa5a
Size: 1.06 MB - bind-pkcs11-libs-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: a9f785864cc6b9235647b46b4d26938b
SHA-256: 4cf93a77b90c71e3a4dc6991bea61414ffdb9f37138b2b622a5238435ff0ee96
Size: 1.08 MB - bind-pkcs11-utils-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: 1ae12f9fc2e6348eef1fef66cbdd9177
SHA-256: 868836e36bb23f064dd85a8a8d1591e1a398a3f115abbb338363ff3311a83434
Size: 210.38 kB - bind-utils-9.11.4-26.P2.16.0.2.el7.AXS7.x86_64.rpm
MD5: 165099b00ddd5fc3583ac283c6492699
SHA-256: 04ac7acddee753f07f7ae629f0e4626eb80e762325cfaf628c68a749974a3a87
Size: 261.82 kB