| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Update to 1.20.0
* A lot of bugfixes and added features.
For a complete list take a look at the changelog located at:
/usr/share/doc/packages/unbound/Changelog or
https://www.nlnetlabs.nl/projects/unbound/download/
Some Noteworthy Changes:
* Removed DLV. The DLV has been decommisioned since unbound
1.5.4 and has been advised to stop using it since. The use of
dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after
timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8
Security Fixes:
* Fix CVE-2023-50387, DNSSEC verification complexity can be
exploited to exhaust CPU resources and stall DNS resolvers.
[bsc#1219823, CVE-2023-50387]
* Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust
CPU.
[bsc#1219826, CVE-2023-50868]
* Fix CVE-2022-30698, Novel "ghost domain names" attack by
introducing subdomain delegations.
[bsc#1202033, CVE-2022-30698]
* Fix CVE-2022-30699, Novel "ghost domain names" attack by
updating almost expired delegation information.
[bsc#1202031, CVE-2022-30699]
* Fix CVE-2022-3204, NRDelegation attack leads to uncontrolled
resource consumption (Non-Responsive Delegation Attack).
[bsc#1203643, CVE-2022-3204]
Packaging Changes:
* Use prefixes instead of sudo in unbound.service
* Remove no longer necessary BuildRequires: libfstrm-devel and
libprotobuf-c-devel
* Following patches removed because they are now obsolete:
unbound-1.6.8-amplifying-an-incoming-query.patch
patch_cve_2019-18934.patch
bsc1185382_CVE-2019-25031_f8875527.patch
bsc1185383.4_CVE-2019-25032.3_226298bb.patch
bsc1185385_CVE-2019-25034_a3545867.patch
bsc1185386.7_CVE-2019-25035.6_fa23ee8f.patch
bsc1185391.2_CVE-2019-25040.1_2d444a50.patch
bsc1185389.90_CVE-2019-25038.9_02080f6b.patch
bsc1185388_CVE-2019-25037_d2eb78e8.patch
bsc1185393_CVE-2019-25042_6c3a0b54.patch
bsc1179191_CVE-2020-28935_19f8f4d9.patch
[jsc#PED-8333]