Vulnerability in the BIND DNS server that does not rule out remote code execution

Corrective updates have been published for the stable branches of the BIND DNS server, 9.11.28 and 9.16.12, as well as for the experimental branch 9.17.10, which is under development. The new releases fix a buffer overflow vulnerability (CVE-2020-8625) that could potentially allow an attacker to execute code remotely. No traces of working exploits have been identified.

The problem is caused by an error in the implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism), which GSSAPI uses to negotiate the protection methods used by the client and the server. GSSAPI is used as a high-level protocol for secure key exchange through the GSS-TSIG extension, which is used to authenticate DNS zone updates.

The vulnerability affects systems configured to use GSS-TSIG (for example, if the tkey-gssapi-keytab and tkey-gssapi-credential settings are used). GSS-TSIG is used in mixed environments where BIND is combined with an Active Directory domain controller, or where it is integrated with Samba. In the default configuration, GSS-TSIG is disabled.

A workaround that does not require disabling GSS-TSIG is to build BIND without support for the SPNEGO mechanism, which can be turned off by specifying the "--disable-isc-spnego" option when running the "configure" script. The problem remains unfixed in distributions. You can track the availability of updates on the following pages: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, FreeBSD, NetBSD.
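A triage check built from the conditions above, as an added example (not code from ISC or from the original article): it reports whether a named.conf actually enables GSS-TSIG, whether the build carries the "--disable-isc-spnego" workaround, and whether the version predates the fix releases named above. It assumes the version string comes from `named -v` and the build arguments from `named -V`; the function names and the sample config are constructed for illustration.

```python
import re

# Fix releases named in the text above, keyed by (major, minor) branch.
FIXED = {(9, 11): 28, (9, 16): 12, (9, 17): 10}
GSS_OPTIONS = ("tkey-gssapi-keytab", "tkey-gssapi-credential")
# Matches quoted strings (kept) and the three named.conf comment styles (dropped).
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)


def strip_comments(conf):
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return _TOKEN.sub(keep, conf)


def gss_tsig_options(conf):
    """GSS-TSIG options that are active (not commented out) in named.conf text."""
    active = strip_comments(conf)
    return [o for o in GSS_OPTIONS
            if re.search(r"(?<![\w-])" + re.escape(o) + r"\s", active)]


def assess(conf, version, build_args=""):
    """Classify one server from its config, `named -v` and `named -V` output."""
    if not gss_tsig_options(conf):
        return "not-configured"        # GSS-TSIG is off, as in the default config
    if "--disable-isc-spnego" in build_args:
        return "workaround-build"      # built without the SPNEGO implementation
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    fixed_patch = FIXED.get((int(m.group(1)), int(m.group(2)))) if m else None
    if fixed_patch is None:
        return "check-manually"        # branch not covered by the text above
    # Upstream numbering only: a distribution may backport the fix into a
    # package that keeps an older version number.
    return "has-fix" if int(m.group(3)) >= fixed_patch else "predates-fix"


# Constructed sample config (hypothetical paths and principal).
SAMPLE_CONF = '''
options {
    directory "/var/named";
    // tkey-gssapi-credential "DNS/ns1.example.test";
    tkey-gssapi-keytab "/etc/named/krb5.keytab";  # Samba AD DC
};
'''

if __name__ == "__main__":
    for ver in ("BIND 9.16.11", "BIND 9.16.12", "BIND 9.18.1"):
        print(ver, "->", assess(SAMPLE_CONF, ver))
```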

Source: opennet.ru
