O faʻafouga faʻasaʻo ua faʻasalalau mo lala mautu o le BIND DNS server 9.11.28 ma 9.16.12, faʻapea foʻi ma le lala faʻataʻitaʻi 9.17.10, lea o loʻo atinaʻe. O faʻasalalauga fou e faʻafeiloaʻi ai le faʻalavelave faʻalavelave faʻafefe (CVE-2020-8625) e ono mafai ona taʻitaʻia ai le faʻatinoina o code mamao e se tagata osofaʻi. E le'i fa'ailoa mai fo'i ni fa'ailoga o galuega fa'atino.
O le faʻafitauli e mafua mai i se mea sese i le faʻatinoina o le SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) faʻaogaina i le GSSAPI e faʻatalanoa ai auala puipuia e faʻaaogaina e le kalani ma le server. GSSAPI o loʻo faʻaaogaina e avea o se faʻasalalauga maualuga mo fefaʻatauaʻiga faʻamautu e faʻaaoga ai le faʻaopoopoga GSS-TSIG faʻaaogaina i le faʻagasologa o le faʻamaoniaina o faʻafouga faʻafouina DNS sone.
O le faʻafitauli e aʻafia ai faiga e faʻatulagaina e faʻaoga ai le GSS-TSIG (mo se faʻataʻitaʻiga, pe a faʻaogaina le tkey-gssapi-keytab ma le tkey-gssapi-credential settings). GSS-TSIG e masani ona faʻaaogaina i siosiomaga fefiloi lea e tuʻufaʻatasia ai le BIND ma Active Directory domain controllers, poʻo pe a tuʻufaʻatasia ma Samba. I le fa'atulagaina fa'aletonu, ua le atoatoa le GSS-TSIG.
O se fofo mo le taofia o le faʻafitauli e le manaʻomia ai le faʻaaogaina o le GSS-TSIG o le fausia lea o le BIND e aunoa ma le lagolago mo le SPNEGO mechanism, lea e mafai ona faʻagata e ala i le faʻamaonia o le "--disable-isc-spnego" filifiliga pe a faʻaogaina le "configure" script. O lo'o tumau pea le fa'afitauli i le fa'asoa. E mafai ona e siaki le maua o faʻamatalaga i itulau nei: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, FreeBSD, NetBSD.
puna: opennet.ru