Magadzirirwo ekugadzirisa akadhindwa kumatavi akatsiga eiyo BIND DNS server 9.11.28 uye 9.16.12, pamwe nebazi rekuyedza 9.17.10, riri mukuvandudza. Izvo zvitsva zvinoburitswa zvinogadzirisa hutachiona hwekufashukira (CVE-2020-8625) izvo zvinogona kutungamira kune kure kure kodhi kuurayiwa neanorwisa. Hapana zvisaririra zvekushanda zvakawanikwa zvisati zvaonekwa.
Dambudziko rinokonzerwa nekukanganisa mukuitwa kweSPNEGO (Yakareruka uye Yakachengetedzwa GSSAPI Negotiation Mechanism) inoshandiswa muGSSAPI kutaurirana nzira dzekudzivirira dzinoshandiswa nemutengi uye server. GSSAPI inoshandiswa seyepamusoro-level protocol kune yakachengeteka kiyi yekutsinhana uchishandisa iyo GSS-TSIG yekuwedzera inoshandiswa mukuita kwechokwadi ine simba DNS zone updates.
Kusagadzikana kunokanganisa masisitimu akagadziridzwa kuti ashandise GSS-TSIG (semuenzaniso, kana tkey-gssapi-keytab uye tkey-gssapi-credential marongero akashandiswa). GSS-TSIG inowanzo shandiswa munzvimbo dzakasanganiswa uko BIND inosanganiswa neActive Directory domain controllers, kana kana yakabatanidzwa neSamba. Muchigadziro chekugadzirisa, GSS-TSIG yakadzimwa.
Basa rekuvharisa dambudziko risingade kudzima GSS-TSIG kuvaka BIND pasina tsigiro yemuchina weSPNEGO, unogona kudzimwa nekutsanangura iyo "--disable-isc-spnego" sarudzo paunenge uchimhanyisa "gadziridza" script. Dambudziko rinoramba risina kugadziriswa mukugovera. Unogona kutarisa kuwanikwa kwezvigadziriso pamapeji anotevera: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, FreeBSD, NetBSD.
Source: opennet.ru