Izibuyekezo zokulungisa eziya kumagatsha azinzile weseva ye-BIND DNS 9.11.37, 9.16.27 kanye no-9.18.1 zishicilelwe, ezilungisa ubungozi obune:
- I-CVE-2021-25220 - ithuba lokufaka amarekhodi e-NS angalungile kunqolobane yeseva ye-DNS (ubuthi be-cache), okungaholela kumakholi kumaseva e-DNS angalungile ahlinzeka ngolwazi olungamanga. Inkinga izibonakalisa kuzixazululi ezisebenza kumamodi “phambili kuqala” (okuzenzakalelayo) noma “phambili kuphela”, uma omunye wabadluliseli esengozini (amarekhodi e-NS atholwe kumdluliseli agcina esenqolobaneni futhi angaholela ekufinyeleleni iseva ye-DNS engalungile lapho senza imibuzo ephindaphindayo).
- I-CVE-2022-0396 iwukunqatshelwa kwesevisi (ukuxhumana kulenga unomphela kusimo se-CLOSE_WAIT) okuqaliswe ngokuthumela amaphakethe e-TCP aklanywe ngokukhethekile. Inkinga ibonakala kuphela uma ukulungiselelwa kwe-oda lokuphendula kuvuliwe, okungasetshenziswa ngokuzenzakalelayo, nalapho inketho ye-oda lokuphendula icaciswa ku-ACL.
- I-CVE-2022-0635 - Inqubo eqanjwe igama ingaphahlazeka lapho ithumela izicelo ezithile kuseva. Inkinga yenzeka uma kusetshenziswa inqolobane yenqolobane ye-DNSSEC-Validated Cache, enikwa amandla ngokuzenzakalela kugatsha 9.18 (dnssec-validation kanye nezilungiselelo ze-synth-from-dnssec).
- I-CVE-2022-0667 - Kuyenzeka ukuthi inqubo eqanjwe igama iphahlazeke lapho kusetshenzwa izicelo ze-DS ezihlehlisiwe. Inkinga ivela kuphela egatsheni le-BIND 9.18 futhi ibangelwa iphutha elenziwe lapho kusetshenzwa kabusha ikhodi yeklayenti ukuze kucutshungulwe umbuzo ophindayo.
Source: opennet.ru