Corrective updates have been published for the stable branches of the BIND DNS server, 9.11.28 and 9.16.12, as well as for the experimental branch 9.17.10, which is still under development. The new releases fix a buffer overflow vulnerability (CVE-2020-8625) that could lead to remote code execution by an attacker. No traces of working exploits are known so far.
The problem is caused by an error in the implementation of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism), which GSSAPI uses to negotiate the protection mechanisms used by the client and the server. GSSAPI serves as a high-level protocol for secure key exchange through the GSS-TSIG extension, which is used to authenticate dynamic DNS zone updates.
The vulnerability affects systems configured with GSS-TSIG enabled (for example, if the tkey-gssapi-keytab and tkey-gssapi-credential settings are used). GSS-TSIG is typically used in mixed environments where BIND is combined with Active Directory domain controllers, or when it is integrated with Samba. In the default configuration, GSS-TSIG is disabled.
A workaround that does not require disabling GSS-TSIG is to build BIND without SPNEGO support, which can be turned off by passing the "--disable-isc-spnego" option to the "configure" script. The problem remains unfixed in distributions. You can track the updates on the following pages: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, FreeBSD, NetBSD.
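A triage check built from the conditions described above, as an added example that is not code from ISC or from the original article: it reports whether a server has a GSS-TSIG option active, runs a release older than the fixed one in its branch, and was built with SPNEGO. It assumes the text passed as `named_v` is the output of `named -V` containing a `BIND x.y.z` string and the configure arguments; the function names and sample inputs are constructed for illustration.

```python
import re

# Fixed releases named in the text above, keyed by release branch.
FIXED = {(9, 11): 28, (9, 16): 12, (9, 17): 10}
GSS_OPTIONS = ("tkey-gssapi-keytab", "tkey-gssapi-credential")

# Quoted strings are matched first so comment markers inside them survive.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(conf):
    """Drop /* */, // and # comments, the styles named.conf accepts."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return _TOKEN.sub(keep, conf)

def gss_tsig_options(conf):
    """Return the GSS-TSIG options that are active, not commented out."""
    active = strip_comments(conf)
    return [o for o in GSS_OPTIONS
            if re.search(rf"(?<![\w-]){re.escape(o)}(?![\w-])", active)]

def patch_state(named_v):
    """'fixed', 'unfixed', or 'unknown' for branches the text does not list."""
    # Assumption: named_v contains "BIND <major>.<minor>.<patch>".
    m = re.search(r"BIND (\d+)\.(\d+)\.(\d+)", named_v)
    if not m:
        return "unknown"
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unknown"
    return "fixed" if patch >= fixed else "unfixed"

def exposed(conf, named_v):
    """True when GSS-TSIG is on, the build is unfixed and SPNEGO is compiled in."""
    if "--disable-isc-spnego" in named_v:
        return False
    return bool(gss_tsig_options(conf)) and patch_state(named_v) == "unfixed"

# Constructed sample inputs, not taken from a real server.
SAMPLE_CONF = '''
options {
    directory "/var/named";  // tkey-gssapi-credential "DNS/old.example";
    /* tkey-gssapi-keytab "/etc/old.keytab"; */
    tkey-gssapi-keytab "/etc/named.keytab";
};
'''
SAMPLE_V = "BIND 9.16.11 (Stable Release)\nbuilt by make with '--prefix=/usr'"
```

Distribution packages often backport fixes without changing the upstream version number, so an "unfixed" result on a packaged build is a prompt to check the distribution's tracker rather than a final verdict.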
Source: opennet.ru
