Kua whakaputahia nga whakahoutanga whakatika mo nga peka pumau o te BIND DNS server 9.11.28 me 9.16.12, me te peka whakamatautau 9.17.10, kei te whanake. Ko nga putanga hou e whakatika ana i te whakaraeraetanga o te puhera puhake (CVE-2020-8625) tera pea ka arahi ki te mahi waehere mamao a te kaitukino. Kaore ano kia kitea nga tohu o nga mahi mahi.
Ko te raruraru i puta mai i tētahi hapa i roto i te whakatinanatanga o te tikanga SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) i whakamahia i roto i te GSSAPI hei whiriwhiri i ngā kawa e whakamahia ana e te kiritaki, ā, tūmau Ngā tikanga haumarutanga. Ka whakamahia te GSSAPI hei kawa taumata-tiketike mō te whakawhiti kī haumaru mā te whakamahi i te toronga GSS-TSIG, e whakamahia ana i roto i te tukanga manatoko i te pono o ngā whakahoutanga rohe DNS hihiri.
Ka pā te ngoikoretanga ki ngā pūnaha kua whirihorahia me te GSS-TSIG kua whakahohea (hei tauira, mēnā ka whakamahia ngā tautuhinga tkey-gssapi-keytab me te tkey-gssapi-credential). Ko te GSS-TSIG te tikanga e whakamahia ana i roto i ngā taiao whakauru e honoa ana te BIND me ngā pūmana. rohe Active Directory, i te wā rānei e hono ana ki a Samba. I te whirihoranga taunoa, kua monokia te GSS-TSIG.
Ko tētahi huarahi hei whakakore i te GSS-TSIG, kāore e hiahiatia kia whakakorehia te GSS-TSIG, ko te hanga i te BIND me te kore tautoko mō te SPNEGO, ka taea te whakakore mā te tohu i te kōwhiringa "--disable-isc-spnego" i te wā e whakahaere ana i te tuhinga "configure". Kāore anō kia whakatauhia te raruraru i roto i ngā tohatoha. Ka taea e koe te whai i ngā whakahōutanga i ngā whārangi e whai ake nei: Debian, RHEL, SUSE, Ubuntu, Fedora, Āwhata Linux, FreeBSD, NetBSD.
Source: opennet.ru
