Vulnerability in the BIND DNS server that does not rule out remote code execution

Corrective updates have been published for the stable branches of the BIND DNS server, 9.11.28 and 9.16.12, as well as for the experimental branch 9.17.10, which is under development. The new releases fix a buffer overflow vulnerability (CVE-2020-8625) that could potentially lead to remote code execution by an attacker. No signs of working exploits have been identified so far.

The problem is caused by an error in the implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism), which GSSAPI uses to negotiate the protection methods used by the client and the server. GSSAPI serves as the high-level protocol for secure key exchange in the GSS-TSIG extension, which is used to authenticate dynamic DNS zone updates.

The vulnerability affects systems configured to use GSS-TSIG (for example, if the tkey-gssapi-keytab and tkey-gssapi-credential settings are used). GSS-TSIG is typically used in mixed environments where BIND is combined with Active Directory domain controllers, or when it is integrated with Samba. In the default configuration, GSS-TSIG is disabled.

A workaround that blocks the problem without disabling GSS-TSIG is to build BIND without support for the SPNEGO mechanism, which can be turned off by specifying the "--disable-isc-spnego" option when running the "configure" script. The problem remains unfixed in distributions. You can track the availability of updates on the following pages: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, FreeBSD, NetBSD.

source: budenet.ru
