公告ID(KYSA-202201-1035)
公告ID:KYSA-202201-1035
公告摘要:bind安全漏洞
等級:Important
發(fā)布日期:2022-01-27
詳細介紹
1.修復的CVE
·CVE-2018-5743
描述:在bind實現(xiàn)可調(diào)的方式中發(fā)現(xiàn)了一個缺陷�����,該缺陷限制了同時進行的TCP客戶端連接。遠程攻擊者可以利用此漏洞耗盡named可用的文件描述符池,從而可能影響網(wǎng)絡連接和日志文件或區(qū)域日志文件等文件的管理����。在命名進程不受操作系統(tǒng)強制的每個進程限制的情況下,這還可能導致耗盡該系統(tǒng)上所有可用的可用文件描述符��。
·CVE-2020-8616
描述:在BIND中發(fā)現(xiàn)了一個缺陷�����,該缺陷沒有充分限制在處理引用響應時可以執(zhí)行的獲取數(shù)�。此漏洞允許攻擊者造成拒絕服務攻擊。攻擊者還可以利用此行為將遞歸服務器用作高放大因子的反射攻擊中的反射器�。
·CVE-2020-8617
描述:在BIND中發(fā)現(xiàn)斷言失敗,它檢查包含TSIG資源記錄的消息的有效性���。此漏洞允許知道或成功猜測服務器使用的TSIG密鑰名稱的攻擊者使用構建的消息���,從而可能導致綁定服務器達到不一致的狀態(tài)或?qū)е戮芙^服務。大多數(shù)BIND服務器都有一個內(nèi)部生成的TSIG會話密鑰����,該密鑰的名稱很容易猜到,除非特別禁用�����,否則該密鑰會暴露漏洞。
·CVE-2020-8625
描述:ISC BIND是美國ISC公司的一套實現(xiàn)了DNS協(xié)議的開源軟件���。BIND 存在安全漏洞��,該漏洞源于通過顯式地為tkey-gssapi-keytab或tkey-gssapi-credentialconfiguration選項設置有效值����,服務器可能會變得脆弱����。
·CVE-2021-25214
描述:ISC BIND是美國ISC公司的一套實現(xiàn)了DNS協(xié)議的開源軟件。ISC BIND 存在安全漏洞�,該漏洞導致接收已命名服務器無意中從區(qū)域數(shù)據(jù)庫中刪除有問題的區(qū)域的SOA記錄。
2.受影響的軟件包
·中標麒麟高級服務器操作系統(tǒng) V7
·aarch64架構:
bind�、bind-chroot、bind-devel�、bind-export-devel、bind-export-libs�、bind-libs、bind-libs-lite��、bind-license�����、bind-lite-devel����、bind-pkcs11、bind-pkcs11-devel�����、bind-pkcs11-libs����、bind-pkcs11-utils、bind-sdb�、bind-sdb-chroot、bind-utils
·x86_64架構:
bind���、bind-chroot���、bind-devel、bind-export-devel��、bind-export-libs��、bind-libs����、bind-libs-lite�����、bind-license�、bind-lite-devel����、bind-pkcs11、bind-pkcs11-devel����、bind-pkcs11-libs、bind-pkcs11-utils����、bind-sdb、bind-sdb-chroot�����、bind-utils
·銀河麒麟高級服務器操作系統(tǒng) V10
·aarch64架構:
bind���、bind-chroot����、bind-devel、bind-export-devel�、bind-export-libs���、bind-libs�����、bind-libs-lite����、bind-license��、bind-lite-devel��、bind-pkcs11��、bind-pkcs11-devel�����、bind-pkcs11-libs、bind-pkcs11-utils�����、bind-sdb�、bind-sdb-chroot、bind-utils
·x86_64架構:
bind�、bind-chroot、bind-devel����、bind-export-devel、bind-export-libs����、bind-libs、bind-libs-lite����、bind-license、bind-lite-devel��、bind-pkcs11�����、bind-pkcs11-devel、bind-pkcs11-libs��、bind-pkcs11-utils�����、bind-sdb�、bind-sdb-chroot、bind-utils
3.軟件包修復版本
·中標麒麟高級服務器操作系統(tǒng) V7 (aarch64���、x86_64)
bind-9.11.4-26.P2.el7_9.7或以上版本
bind-chroot-9.11.4-26.P2.el7_9.7或以上版本
bind-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-export-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-export-libs-9.11.4-26.P2.el7_9.7或以上版本
bind-libs-9.11.4-26.P2.el7_9.7或以上版本
bind-libs-lite-9.11.4-26.P2.el7_9.7或以上版本
bind-license-9.11.4-26.P2.el7_9.7或以上版本
bind-lite-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-libs-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-utils-9.11.4-26.P2.el7_9.7或以上版本
bind-sdb-9.11.4-26.P2.el7_9.7或以上版本
bind-sdb-chroot-9.11.4-26.P2.el7_9.7或以上版本
bind-utils-9.11.4-26.P2.el7_9.7或以上版本
·銀河麒麟高級服務器操作系統(tǒng) V10 (aarch64、x86_64)
bind-9.11.4-26.P2.el7_9.7或以上版本
bind-chroot-9.11.4-26.P2.el7_9.7或以上版本
bind-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-export-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-export-libs-9.11.4-26.P2.el7_9.7或以上版本
bind-libs-9.11.4-26.P2.el7_9.7或以上版本
bind-libs-lite-9.11.4-26.P2.el7_9.7或以上版本
bind-license-9.11.4-26.P2.el7_9.7或以上版本
bind-lite-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-devel-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-libs-9.11.4-26.P2.el7_9.7或以上版本
bind-pkcs11-utils-9.11.4-26.P2.el7_9.7或以上版本
bind-sdb-9.11.4-26.P2.el7_9.7或以上版本
bind-sdb-chroot-9.11.4-26.P2.el7_9.7或以上版本
bind-utils-9.11.4-26.P2.el7_9.7或以上版本
4.修復方法
方法一:配置源進行升級安裝
1.打開軟件包源配置文件��,根據(jù)倉庫地址進行修改����。
倉庫源地址:
中標麒麟高級服務器操作系統(tǒng) V7
aarch64:https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/
x86_64:https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/
銀河麒麟高級服務器操作系統(tǒng) V10
aarch64:https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/
x86_64:https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/
2.配置完成后執(zhí)行更新命令進行升級,命令如下:
yum update Packagename
方法二:下載安裝包進行升級安裝
通過軟件包地址下載軟件包����,使用軟件包升級命令根據(jù)受影響的軟件包
列表進行升級安裝, 命令如下:
yum install Packagename
3.升級完成后是否需要重啟服務或操作系統(tǒng):
CVE-2018-5743:無需重啟操作系統(tǒng)與服務即可使漏洞修復生效。
CVE-2020-8616:無需重啟操作系統(tǒng)與服務即可使漏洞修復生效���。
CVE-2020-8617:無需重啟操作系統(tǒng)與服務即可使漏洞修復生效�����。
CVE-2020-8625:無需重啟操作系統(tǒng)與服務即可使漏洞修復生效��。
CVE-2021-25214:無需重啟操作系統(tǒng)與服務即可使漏洞修復生效����。
5.軟件包下載地址
·中標麒麟高級服務器操作系統(tǒng) V7
bind(aarch64)軟件包下載地址:
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-chroot-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-export-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-export-libs-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-libs-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-libs-lite-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-license-9.11.4-26.P2.el7_9.7.noarch.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-lite-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-utils-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-sdb-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-sdb-chroot-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/aarch64/Packages/bind-utils-9.11.4-26.P2.el7_9.7.aarch64.rpm
bind(x86_64)軟件包下載地址:
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-chroot-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-export-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-export-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-export-libs-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-export-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-libs-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-libs-lite-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-libs-lite-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-license-9.11.4-26.P2.el7_9.7.noarch.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-lite-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-lite-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-utils-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-sdb-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-sdb-chroot-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V7/V7Update9/os/adv/lic/updates/x86_64/Packages/bind-utils-9.11.4-26.P2.el7_9.7.x86_64.rpm
·銀河麒麟高級服務器操作系統(tǒng) V10
bind(aarch64)軟件包下載地址:
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-chroot-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-export-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-export-libs-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-libs-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-libs-lite-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-license-9.11.4-26.P2.el7_9.7.noarch.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-lite-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-pkcs11-utils-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-sdb-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-sdb-chroot-9.11.4-26.P2.el7_9.7.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/aarch64/Packages/bind-utils-9.11.4-26.P2.el7_9.7.aarch64.rpm
bind(x86_64)軟件包下載地址:
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-chroot-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-export-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-export-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-export-libs-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-export-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-libs-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-libs-lite-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-libs-lite-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-license-9.11.4-26.P2.el7_9.7.noarch.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-lite-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-lite-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-devel-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.i686.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-libs-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-pkcs11-utils-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-sdb-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-sdb-chroot-9.11.4-26.P2.el7_9.7.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10-ZJ/os/adv/lic/updates/x86_64/Packages/bind-utils-9.11.4-26.P2.el7_9.7.x86_64.rpm
注:其他相關依賴包請到相同目錄下載
6.修復驗證
使用軟件包查詢命令,查看相關軟件包版本是否與修復版本一致��,如果版本一致��,則說明修復成功�。
sudo rpm -qa | grep Packagename
安全漏洞補丁公告
