Sabuntawa na gyara ga bargatattun rassan uwar garken DNS na BIND 9.11.37, 9.16.27 da 9.18.1 an buga su, waɗanda ke gyara lahani huɗu:
- CVE-2021-25220 - yuwuwar maye gurbin bayanan NS da ba daidai ba a cikin cache uwar garken DNS (guba cache), wanda zai iya haifar da kira zuwa sabar DNS mara kyau waɗanda ke ba da bayanan ƙarya. Matsalar tana bayyana kanta a cikin masu warwarewa da ke aiki a cikin tsarin "gaba da farko" (tsoho) ko "na gaba kawai", idan ɗaya daga cikin masu turawa ya sami matsala (rakodin NS da aka karɓa daga mai turawa ya ƙare a cikin cache kuma zai iya haifar da samun dama ga masu aikawa. uwar garken DNS ba daidai ba lokacin yin tambayoyin maimaitawa).
- CVE-2022-0396 kin sabis ne (haɗin da ke rataye har abada a cikin jihar CLOSE_WAIT) wanda aka ƙaddamar ta hanyar aika fakitin TCP na musamman. Matsalar tana bayyana ne kawai lokacin da aka kunna saitin-amsa-amsa, wanda ba a yi amfani da shi ta tsohuwa ba, da lokacin da aka ƙayyade zaɓin-amsa-aiki a cikin ACL.
- CVE-2022-0635 - Tsarin mai suna na iya faɗuwa lokacin aika wasu buƙatun zuwa sabar. Matsalar tana bayyana kanta lokacin amfani da cache na DNSSEC-Validated Cache, wanda aka kunna ta tsohuwa a cikin reshe 9.18 (dnssec-validation and synth-from-dnssec settings).
- CVE-2022-0667 - Yana yiwuwa tsarin mai suna ya fadi lokacin sarrafa buƙatun DS da aka jinkirta. Matsalar tana bayyana ne kawai a cikin BIND 9.18 reshen kuma tana faruwa ne ta hanyar kuskuren da aka yi lokacin sake yin aikin lambar abokin ciniki don sarrafa tambaya mai maimaitawa.
source: budenet.ru