bind9.18-9.18.29-1.el9_5.1
Errata ID: AXSA:2025-9706:01
Release date:
2025/02/25 Tuesday - 22:09
Title:
bind9.18-9.18.29-1.el9_5.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
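The following issues have been addressed.
[Security Fix]
- BIND has an issue in which responses can include an unexpectedly
large number of Additional section records, resulting in a
vulnerability that allows a remote attacker to cause a denial of
service (exhaustion of CPU and other resources) by sending crafted
requests. (CVE-2024-11187)
- BIND has an issue in which all received HTTP/2 packets are
processed at once, resulting in a vulnerability that allows a remote
attacker to cause a denial of service (exhaustion of CPU resources
and memory) by sending a large number of crafted HTTP/2 packets to
the DNS server. (CVE-2024-12705)
Solution:
Update the packages.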
CVE:
CVE-2024-11187
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
CVE-2024-12705
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.
Additional information:
N/A
Download:
SRPMS
- bind9.18-9.18.29-1.el9_5.1.src.rpm
MD5: 2ec7ee0adbdb60b2ad3f84e4814363c0
SHA-256: 3affa441ba5d61f9a64408b99324429fb1cc0ae7236b58d99e8ccde378be2d6e
Size: 5.40 MB
Asianux Server 9 for x86_64
- bind9.18-9.18.29-1.el9_5.1.x86_64.rpm
MD5: db81e3b08cd1d8a2ca422d04fc1abad9
SHA-256: 790b4a3092bb76f9fc51134dd834e9209bfc0dff4b06a66ac58a4840bce96d5f
Size: 529.37 kB
- bind9.18-chroot-9.18.29-1.el9_5.1.x86_64.rpm
MD5: e497ac708592182323a5a784c9edee48
SHA-256: 10274682f5b41ceb4a87db0d5d46009f33629166472cb2cbe771007593193bd6
Size: 16.02 kB
- bind9.18-devel-9.18.29-1.el9_5.1.i686.rpm
MD5: 066a41750fde97511df3a4b1c17a3d42
SHA-256: 0193f6a30e25e9f3887ea203a9e39bb43f04201b38b3d66d02fdc7c2de16e8ad
Size: 338.16 kB
- bind9.18-devel-9.18.29-1.el9_5.1.x86_64.rpm
MD5: 3a433738ab80bee0ef9706f66f64d49e
SHA-256: e269dee53afc1755072585962a4b678ba1e8aebe48aaba5d73345d0e331a4e2f
Size: 338.00 kB
- bind9.18-dnssec-utils-9.18.29-1.el9_5.1.x86_64.rpm
MD5: 30e2e767ee1c9bd4143b53669c2e9152
SHA-256: fa36860bc15a2e71413581a9df8b7dfa0b988c4d65ef96045f6232559fa66e0f
Size: 149.65 kB
- bind9.18-doc-9.18.29-1.el9_5.1.noarch.rpm
MD5: b8061273aae39d01ed7e2038ccdc5789
SHA-256: a0551e2056a5b54a5791985d43503fc831d2508245a2ec59f968ffa75c7bace0
Size: 2.70 MB
- bind9.18-libs-9.18.29-1.el9_5.1.i686.rpm
MD5: 08045f961c9691d484bbd4c53556238e
SHA-256: e762b66dd9c5446fe3323093b82b90ca9893295c1b36fbf2b1e58553de877238
Size: 1.34 MB
- bind9.18-libs-9.18.29-1.el9_5.1.x86_64.rpm
MD5: 5c884e431b9c9a0ac1fddcb3986c9d70
SHA-256: 6e49bab4496dee074800967bb7125ac6cee967d1dd56ae500ee31fd97629b2d3
Size: 1.25 MB
- bind9.18-utils-9.18.29-1.el9_5.1.x86_64.rpm
MD5: c35d6de2ed76c0db600660ee5d9ee3fd
SHA-256: 9d18b4fddc11618db973245d1e228fcff81800d5a06c2c2b893cf33bffa15544
Size: 222.05 kB