Vulnerabilities in PowerDNS Authoritative Server

Updates to the authoritative DNS server PowerDNS Authoritative Server, versions 4.3.1, 4.2.3 and 4.1.14, are available. They fix four vulnerabilities, two of which could lead to execution of an attacker's code.

Vulnerabilities CVE-2020-24696, CVE-2020-24697 and CVE-2020-24698 affect the code that implements the GSS-TSIG key exchange mechanism. They appear only when PowerDNS is built with GSS-TSIG support ("--enable-experimental-gss-tsig", not used by default) and can be exploited by sending a specially crafted network packet. The race condition and double-free vulnerabilities, CVE-2020-24696 and CVE-2020-24698, can lead to a crash or to execution of the attacker's code when requests with incorrectly formed GSS-TSIG signatures are processed. Vulnerability CVE-2020-24697 is limited to denial of service. Because the GSS-TSIG code was not used by default, including in distribution packages, and may contain other problems, it was decided to remove it entirely in the PowerDNS Authoritative 4.4.0 release.

CVE-2020-17482 can leak data from uninitialized process memory, but it occurs only when processing requests from authenticated users who are able to add new records to DNS zones served by the server.

Source: opennet.ru