发布于3月6日3月6日 Members Oracle Linux: CVE-2022-3736: ELSA-2023-2261:bind security and bug fix update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/25/2023 Created 05/19/2023 Added 05/18/2023 Modified 11/30/2024 Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. Solution(s) oracle-linux-upgrade-bind9-16 oracle-linux-upgrade-bind9-16-chroot oracle-linux-upgrade-bind9-16-devel oracle-linux-upgrade-bind9-16-dnssec-utils oracle-linux-upgrade-bind9-16-doc oracle-linux-upgrade-bind9-16-libs oracle-linux-upgrade-bind9-16-license oracle-linux-upgrade-bind9-16-utils oracle-linux-upgrade-python3-bind9-16 References https://attackerkb.com/topics/cve-2022-3736 CVE - 2022-3736 ELSA-2023-2261 ELSA-2023-2792
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。