python-dns-2.6.1-3.el9
エラータID: AXSA:2024-9165:02
リリース日:
2024/12/11 Wednesday - 22:46
題名:
python-dns-2.6.1-3.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- python-dns には、名前解決の対象のサーバーからの有効な
パケットの受信を待機するための仕組みが欠落しているため、
リモートの攻撃者により、DNS 応答が返される前に DNS
応答として返される IP アドレスとポート番号から無効な
パケットを送信することを介して、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2023-29483)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
追加情報:
N/A
ダウンロード:
SRPMS
- python-dns-2.6.1-3.el9.src.rpm
MD5: bcd7144286faac86f111fd9dfa971692
SHA-256: a61cbfd8b43bfd199fc64a44e14f6f4c11ff2b6b5e598bbc1d3d994ba2dce2f7
Size: 382.81 kB
Asianux Server 9 for x86_64
- python3-dns-2.6.1-3.el9.noarch.rpm
MD5: d682296658d0b8b7d5a48dc8cb3389f2
SHA-256: 5eced976a61bdb981bd5edf1de78825a7abdf48bcda06573ee71f5af0cd8ac49
Size: 506.73 kB
English