安全公告详情

NS-SA-2026-0006

2026-03-04 02:18:04

简介

low: bind/fuse security update

严重级别

low

主题

An update for bind/fuse is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

bind:
fuse:


Security Fix(es):
bind: BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.(CVE-2006-4095)
bind: Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.(CVE-2007-2241)
bind: The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.(CVE-2007-2925)
bind: bugfix
fuse: fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.(CVE-2005-3531)
fuse: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage(CVE-2009-3297)
fuse: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.01B6.

影响组件

  • bind
  • fuse

影响产品

  • CGSL MAIN 6.06 (SP)

更新包

{"fix":[{"product":"CGSL MAIN 6.06 (SP)","pkgs":[{"binary":["bind-export-libs-9.11.36-3.zncgsl6_6.1.x86_64.rpm","bind-libs-9.11.36-3.zncgsl6_6.1.x86_64.rpm","bind-libs-lite-9.11.36-3.zncgsl6_6.1.x86_64.rpm","bind-license-9.11.36-3.zncgsl6_6.1.noarch.rpm","bind-utils-9.11.36-3.zncgsl6_6.1.x86_64.rpm","python3-bind-9.11.36-3.zncgsl6_6.1.noarch.rpm"],"source":"bind-9.11.36-3.zncgsl6_6.1.src.rpm"},{"binary":["fuse-2.9.7-15.zncgsl6.x86_64.rpm","fuse-common-3.3.0-15.zncgsl6.x86_64.rpm","fuse-libs-2.9.7-15.zncgsl6.x86_64.rpm"],"source":"fuse-2.9.7-15.zncgsl6.src.rpm"}]}]}

CVE

参考