Vulnerabilities in PowerDNS Authoritative Server

Corrective updates for the authoritative DNS server PowerDNS Authoritative Server, versions 4.3.1, 4.2.3 and 4.1.14, are available. They fix four vulnerabilities, two of which could potentially lead to remote code execution by an attacker.

The vulnerabilities CVE-2020-24696, CVE-2020-24697 and CVE-2020-24698 affect the code that implements the GSS-TSIG key exchange mechanism. They appear only when PowerDNS is built with GSS-TSIG support ("--enable-experimental-gss-tsig", not used by default) and can be exploited by sending a specially crafted network packet. The race condition and double-free vulnerabilities CVE-2020-24696 and CVE-2020-24698 can lead to a crash or to execution of attacker code when requests with an invalid GSS-TSIG signature are processed. The vulnerability CVE-2020-24697 is limited to denial of service. Since the GSS-TSIG code was not used by default, including in distribution packages, and potentially contains other problems, it was decided to remove it completely in the PowerDNS Authoritative 4.4.0 release.

CVE-2020-17482 can lead to an information leak from uninitialized memory, but it occurs only when processing requests from authorized users who are able to add new records to DNS zones served by the server.

Source: opennet.ru
