1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5620-1] unbound security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed Feb 14 08:00:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5620-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : unbound
    CVE ID : CVE-2023-50387 CVE-2023-50868
    Debian Bug : 1063845

    Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead
    unbound down a very CPU intensive and time costly DNSSEC
    (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path,
    resulting in denial of service.

    Details can be found at https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 1.13.1-1+deb11u2.

    For the stable distribution (bookworm), these problems have been fixed in version 1.17.1-2+deb12u2.

    We recommend that you upgrade your unbound packages.

    For the detailed security status of unbound please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/unbound

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmXMYixfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TxMxAAmy00/kTKXoaX+YGFHPIZmwdtP/eQnx9SreT40TrvASi7O5d/LKQUhMpY fEPqekyPCmfa/XkFZZVecyaNInoeyuf2olpQ5+gTgZMoxllccCFWqyO+TVhJtobf 8iJttIwwdGYToH/tENr2Ady2Rgg5oy8WILF/5F2bckn2dgQAWUw4Tl7K9rkCf1Jr yO4KJGhXtNpaQZJnvX5dmwm7gDwkXsc9j85diRTRUF14IaMiiPKUpcxmogOGDYJc vY6lBFdLOfmzo1f3BO8SzNV+G0h7kCn/7w9RdpOWqTQoZHdT6IkT0YsZzLuJ0bVy oLWxi8Kh4fdAbEiyffVk0kLOWUmup9hckUSIXQktvOK6koFecm01W8OBzQ/HsB/D NExfo1l7GjAaAv+EkQHMdkiMqdoLI4oduuBxa2nFdCpDESaTN7Li6S0JtVc1YUu+ UKHido3J0/U4xleL8sPPupJ2yVwOmbkeqK3hxH0J+e/uDT6mfrZ0moEEjOyAper8 lqu4TS7rSK0e6/nNQs8dEEcoQQL1B3HXyXqjOBcMM4A1wPkJib8j2use64/+vIz6 9tMflOwUxBirQ/J4PGLWTQmIoxF6NNzqTWgeFMIuq1NXIy7t3TPIIgW3+VWsNJwK Ae8HGZITdiBpGdSDFEa5qYKtiYQS6NxSx/fzyYNlfv7rUzrSNgQ=
    =m2j/
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)