Uhlaziyo oluchanekileyo lupapashwe kumasebe azinzileyo e-BIND DNS iseva 9.11.28 kunye ne-9.16.12, kunye nesebe lokulinga 9.17.10, eliphuhliswayo. Ukukhutshwa okutsha kujongana nokuba sesichengeni sokuphuphuma kwe-buffer (CVE-2020-8625) enokuthi ikhokelele ekuqhutyweni kwekhowudi ekude ngumhlaseli. Akukho mikhondo yokusebenza ngokusebenzayo esele ichongiwe.
Ingxaki ibangelwa yimpazamo ekusetyenzisweni kwendlela ye-SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) esetyenziswa kwi-GSSAPI ukuze kuxoxiswane ngemigaqo esetyenziswa ngumthengi kunye umncedisi Iindlela zoKhuseleko. I-GSSAPI isetyenziswa njengeprotokholi ekumgangatho ophezulu yokutshintshiselana ngezitshixo ezikhuselekileyo kusetyenziswa ulwandiso lwe-GSS-TSIG, olusetyenziswa kwinkqubo yokuqinisekisa ubunyani bohlaziyo lwe-DNS zone olutshintshayo.
Ububuthathaka buchaphazela iinkqubo ezicwangciswe nge-GSS-TSIG evuliweyo (umzekelo, ukuba useto lwe-tkey-gssapi-keytab kunye ne-tkey-gssapi-credential ziyasetyenziswa). I-GSS-TSIG idla ngokusetyenziswa kwiindawo ezixutyiweyo apho i-BIND idityaniswe nabalawuli. thambeka I-Active Directory, okanye xa idibaniswa ne-Samba. Kuqwalaselo oluqhelekileyo, i-GSS-TSIG ayisebenzi.
Isisombululo esingadingi ukucima i-GSS-TSIG kukwakha i-BIND ngaphandle kwenkxaso ye-SPNEGO, enokukhutshazwa ngokuchaza ukhetho lwe-"--disable-isc-spnego" xa usebenzisa iskripthi se-"configure". Ingxaki ayilungiswanga kulwabiwo. Ungalandela uhlaziyo kula maphepha alandelayo: Debian, RHEL, SUSE, Ubuntu, Fedora, Arch Linux, iFreeBSD, iNetBSD.
umthombo: opennet.ru
