Univention Bugzilla – Bug 57081
unbound: Multiple issues (5.0)
Last modified: 2024-02-28 13:17:33 CET
New Debian unbound 1.9.0-2+deb10u4 fixes: This update addresses the following issues: 1.9.0-2+deb10u4 (Wed, 21 Feb 2024 12:00:23 +0100) * Non-maintainer upload by the LTS team. * Fix CVE-2023-50387 and CVE-2023-50868: Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service.
--- mirror/ftp/pool/main/u/unbound/unbound_1.9.0-2+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/unbound_1.9.0-2+deb10u4.dsc @@ -1,3 +1,12 @@ +1.9.0-2+deb10u4 [Wed, 21 Feb 2024 12:00:23 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2023-50387 and CVE-2023-50868: + Two vulnerabilities were discovered in unbound, a validating, recursive, + caching DNS resolver. Specially crafted DNSSEC answers could lead unbound + down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 + hash (CVE-2023-50868) validation path, resulting in denial of service. + 1.9.0-2+deb10u3 [Wed, 29 Mar 2023 10:11:30 +0200] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/5.0-6/#8485790673948156955>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-6] c6b96f7eef Bug #57081: unbound 1.9.0-2+deb10u4 doc/errata/staging/unbound.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) [5.0-6] 0bdc7f8ec6 Bug #57081: unbound 1.9.0-2+deb10u4 doc/errata/staging/unbound.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x966>