Vulnerability in the BIND DNS server that does not rule out remote code execution

Corrective updates have been published for the stable branches of the BIND DNS server, 9.11.28 and 9.16.12, as well as for the experimental branch 9.17.10, which is still under development. The new releases fix a buffer overflow vulnerability (CVE-2020-8625) that could lead to remote code execution by an attacker. No traces of working exploits are known so far.

The problem is caused by an error in the implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism), which GSSAPI uses to negotiate the protection mechanisms used by the client and the server. GSSAPI serves as the high-level protocol for secure key exchange in the GSS-TSIG extension, which is used to authenticate dynamic DNS zone updates.

The vulnerability affects systems configured to use GSS-TSIG (for example, if the tkey-gssapi-keytab and tkey-gssapi-credential settings are used). GSS-TSIG is typically used in mixed environments where BIND is combined with Active Directory domain controllers, or where it is integrated with Samba. In the default configuration, GSS-TSIG is disabled.

A workaround that blocks the problem without requiring GSS-TSIG to be disabled is to build BIND without support for the SPNEGO mechanism, which can be turned off by specifying the "--disable-isc-spnego" option when running the "configure" script. The problem remains unfixed in distributions. You can track the availability of updates on the following pages: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, FreeBSD, NetBSD.
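As an added example (not from the original article or from ISC), the following Python code checks the two conditions described above: whether a named.conf actually sets tkey-gssapi-keytab or tkey-gssapi-credential outside of comments, and whether the reported version is at or past the fixed release on its branch. The function names, status strings and sample configuration are assumptions made for illustration.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {(9, 11): 28, (9, 16): 12, (9, 17): 10}
GSS_OPTIONS = ("tkey-gssapi-keytab", "tkey-gssapi-credential")

# Quoted strings, then the three comment styles named.conf accepts.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def active_text(conf):
    """Drop comments and blank out string contents so only live syntax remains."""
    return _SKIP.sub(lambda m: '""' if m.group(0).startswith('"') else " ", conf)

def gss_tsig_options(conf):
    """Return the GSS-TSIG options that are actually set (not commented out)."""
    text = active_text(conf)
    return [o for o in GSS_OPTIONS
            if re.search(r"(?<![\w-])" + re.escape(o) + r"\s+\S", text)]

def is_fixed(version):
    """True/False on the branches the article lists, None on any other input.
    Distribution packages may backport the fix without changing this number."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    return None if fixed_patch is None else patch >= fixed_patch

def assess(version, conf):
    """Combine both checks into one status string (hypothetical labels)."""
    if not gss_tsig_options(conf):
        return "gss-tsig-not-configured"
    fixed = is_fixed(version)
    if fixed is None:
        return "gss-tsig-enabled-unknown-branch"
    return "gss-tsig-enabled-fixed" if fixed else "gss-tsig-enabled-needs-update"

# Constructed sample input, not taken from a real server.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    // tkey-gssapi-credential "DNS/ns1.example.test";
    /* tkey-gssapi-keytab "/old/krb5.keytab"; */
    tkey-gssapi-keytab "/etc/krb5.keytab";  # dynamic updates from AD
};
'''

if __name__ == "__main__":
    for v in ("BIND 9.16.11", "BIND 9.16.12", "BIND 9.11.27", "BIND 9.18.1"):
        print(v, "->", assess(v, SAMPLE_CONF))
```

The version string can be taken from the output of `named -v`; a "needs-update" result on a distribution package should be confirmed against that distribution's advisory.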

Source: opennet.ru
