Vulnerability in the BIND DNS server that does not rule out remote code execution

Corrective updates have been published for the stable branches of the BIND DNS server, 9.11.28 and 9.16.12, as well as for the experimental branch 9.17.10, which is under development. The new releases address a vulnerability (CVE-2020-8625) that could lead to remote code execution by an attacker. No working exploits have been found so far.

The problem is caused by an error in the implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism), the mechanism GSSAPI uses to negotiate the protection methods used by the client and the server. GSSAPI serves as the high-level protocol for secure key exchange in the GSS-TSIG extension, which is used to authenticate dynamic DNS zone updates.

The vulnerability affects systems that are configured to use GSS-TSIG (for example, when the tkey-gssapi-keytab and tkey-gssapi-credential settings are used). GSS-TSIG is typically used in mixed environments where BIND is combined with Active Directory domain controllers, or when integrating with Samba. In the default configuration, GSS-TSIG is disabled.

A workaround that blocks the problem without disabling GSS-TSIG is to build BIND without support for the SPNEGO mechanism, which can be turned off by passing the "--disable-isc-spnego" option when running the "configure" script. The problem remains unfixed in distributions. You can track the availability of updates on the following pages: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, FreeBSD, NetBSD.

Source: opennet.ru
