unbound-1.6.6-5.0.3.el7.AXS7
エラータID: AXSA:2024-8987:07
リリース日:
2024/11/13 Wednesday - 13:52
題名:
unbound-1.6.6-5.0.3.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- BIND の最近接名の解決機能には、リモートの攻撃者により、
DNSSEC 署名ゾーンの NSEC3 レコードを含む応答を DNSSEC
リゾルバーに引き渡すことを介して、サービス拒否攻撃 (CPU
リソースの枯渇) を可能とする脆弱性が存在します。
(CVE-2023-50868)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- unbound-1.6.6-5.0.3.el7.AXS7.x86_64.rpm
MD5: 8b7b73282996a08a0cb684d8e769b129
SHA-256: a5195d499aff84a7c173160183a74ac8ce9821dc67cafb3f3f6c960ff4458a1f
Size: 680.41 kB - unbound-libs-1.6.6-5.0.3.el7.AXS7.i686.rpm
MD5: 25f35ca69a83703c737c9d4b14421bff
SHA-256: 3a40c98b00877977ed001d2d8834fbc64e5b1c8f5420c7fa643e01570021792c
Size: 399.66 kB - unbound-libs-1.6.6-5.0.3.el7.AXS7.x86_64.rpm
MD5: a148c0e0bc3237c1ba0dbd149aeb0927
SHA-256: ad8fa77c494eb0312131e31c540def184bcc0442db257f6e5a250f910e658cd6
Size: 409.35 kB
English