BIND DNS server update fixes a vulnerability in the DNS-over-HTTPS implementation

Corrective updates have been published for the stable branches of the BIND DNS server, 9.16.28 and 9.18.3, along with a new release of the experimental branch, 9.19.1. Versions 9.18.3 and 9.19.1 fix a vulnerability (CVE-2022-1183) in the implementation of the DNS-over-HTTPS mechanism, which has been supported since the 9.18 branch. The vulnerability causes the named process to crash if the TLS connection to the HTTP-based handler is terminated prematurely. The issue affects only servers that handle DNS over HTTPS (DoH) requests. Servers that accept DNS over TLS (DoT) queries and do not use DoH are not affected by this issue.

Release 9.18.3 also adds several functional improvements. Support has been added for the second version of catalog zones ("Catalog Zones"), defined in the fifth draft of the IETF specification. Catalog zones offer a new method of maintaining secondary DNS servers in which, instead of defining separate records for each secondary zone on the secondary server, a specific set of secondary zones is transferred between the primary and secondary servers. By setting up transfer of the catalog in the same way as the transfer of individual zones, zones created on the primary server and marked as included in the catalog will be created on the secondary server without the need to edit configuration files.

The new version also adds support for the extended error codes "Stale Answer" and "Stale NXDOMAIN Answer", issued when a stale answer is returned from the cache. named and dig now have built-in verification of external TLS certificates, which can be used to implement strict or mutual TLS-based authentication (RFC 9103).

Source: opennet.ru
