unbound-1.16.2-18.el9_6
エラータID: AXSA:2025-10520:03
リリース日:
2025/07/18 Friday - 15:00
題名:
unbound-1.16.2-18.el9_6
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Unbound には、非常に大きなリソースレコードセット (RRset) を
含み、名前の圧縮処理が必要となる応答メッセージを処理する際に、
意図しない CPU リソースを消費してしまう問題があるため、リモート
の攻撃者により、細工されたリクエストの送信を介して、サービス
拒否攻撃 (CPU リソースの枯渇) を可能とする脆弱性が存在します。
(CVE-2024-8508)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-8508
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
追加情報:
N/A
ダウンロード:
SRPMS
- unbound-1.16.2-18.el9_6.src.rpm
MD5: 20ade12af2d59a661562ec0583dc9e00
SHA-256: a974cfc9a1ad76fb9370af019d19d0356d2745e91a573b16240db4f7ccfd0252
Size: 6.01 MB
Asianux Server 9 for x86_64
- python3-unbound-1.16.2-18.el9_6.x86_64.rpm
MD5: 7de9887b7f0e5b848e6006f2bc2545d8
SHA-256: 565d593c55da669c8b4486084d9cf4225a401712a957078d1a6f14f80f1147a7
Size: 105.29 kB - unbound-1.16.2-18.el9_6.x86_64.rpm
MD5: 11863f7371026e1aa775ef1531f2fce7
SHA-256: 55e0ba8a4648979cc21ef3f34441c293309720d586bc63f64253c2d208ffb619
Size: 972.19 kB - unbound-devel-1.16.2-18.el9_6.i686.rpm
MD5: 23f5809533be6b3bc3b33d224ef4cfbd
SHA-256: 1a04d891d294ff97ccfa4baed2182d1875a31a3deb3f54a80d659ee72ef77bd1
Size: 38.37 kB - unbound-devel-1.16.2-18.el9_6.x86_64.rpm
MD5: e3ea484c7f18c8f566eabb4dd790a57a
SHA-256: b67e80685b7eef5ae5210cef2161f54b044faee2cccc7120bf916dc93bbde62b
Size: 38.33 kB - unbound-dracut-1.16.2-18.el9_6.x86_64.rpm
MD5: 3cc3ea00f4cbdaab4667e3d33cdc9454
SHA-256: d56ca37814f3b31f0594ad72c02463cba9d9275e5fbca4a09682987849d4a90f
Size: 9.49 kB - unbound-libs-1.16.2-18.el9_6.i686.rpm
MD5: f41c9c5b49925574528f035efbd68052
SHA-256: 31586326c51637adda46b78593166d677cb1ace5a1f2683d39884dc392599273
Size: 574.14 kB - unbound-libs-1.16.2-18.el9_6.x86_64.rpm
MD5: a80616b883a5e656ee38a14c93d6e26e
SHA-256: ac0b84cfc039cda895ee06edbe64bcba3b4a50db51d27b72d4c624bd598e5c84
Size: 548.48 kB
English