Package Release Info

unbound-1.6.8-150100.10.10.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-161
Available in Package Hub : 15 SP5 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

unbound

unbound-python

Change Logs

Version: 1.20.0-150600.23.9.1

Version: 1.20.0-150600.23.6.1

Version: 1.20.0-150100.10.19.1

* Wed Oct 09 2024 jorik.cronenberg@suse.com

- Fix CVE-2024-8508, unbounded name compression could lead to
  denial of service.
  [CVE-2024-8508, bsc#1231284, unbound-1.20-CVE-2024-8508.patch]

Version: 1.20.0-150100.10.16.1

* Tue Aug 20 2024 jorik.cronenberg@suse.com

- Fix null pointer dereference issue in function ub_ctx_set_fwd.
  [CVE-2024-43167, bsc#1229068, unbound-1.20-CVE-2024-43167.patch]

Version: 1.20.0-150600.23.3.1

Version: 1.20.0-150100.10.13.1

* Thu Mar 21 2024 jorik.cronenberg@suse.com

- Update to 1.20.0
  * A lot of bugfixes and added features.
    For a complete list take a look at the changelog located at:
    /usr/share/doc/packages/unbound/Changelog or
    https://www.nlnetlabs.nl/projects/unbound/download/
  Some Noteworthy Changes:
  * Removed DLV. The DLV has been decommisioned since unbound
    1.5.4 and has been advised to stop using it since. The use of
    dlv options displays a warning.
  * Remove EDNS lame procedure, do not re-query without EDNS after
    timeout.
  * Add DNS over HTTPS
  * libunbound has been upgraded to major version 8
  Security Fixes:
  * Fix CVE-2023-50387, DNSSEC verification complexity can be
    exploited to exhaust CPU resources and stall DNS resolvers.
  [bsc#1219823, CVE-2023-50387]
  * Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust
    CPU.
  [bsc#1219826, CVE-2023-50868]
  * Fix CVE-2022-30698, Novel "ghost domain names" attack by
    introducing subdomain delegations.
  [bsc#1202033, CVE-2022-30698]
  * Fix CVE-2022-30699, Novel "ghost domain names" attack by
    updating almost expired delegation information.
  [bsc#1202031, CVE-2022-30699]
  * Fix CVE-2022-3204, NRDelegation attack leads to uncontrolled
    resource consumption (Non-Responsive Delegation Attack).
  [bsc#1203643, CVE-2022-3204]
  Packaging Changes:
  * Use prefixes instead of sudo in unbound.service
  * Remove no longer necessary BuildRequires: libfstrm-devel and
    libprotobuf-c-devel
  * Following patches removed because they are now obsolete:
    unbound-1.6.8-amplifying-an-incoming-query.patch
    patch_cve_2019-18934.patch
    bsc1185382_CVE-2019-25031_f8875527.patch
    bsc1185383.4_CVE-2019-25032.3_226298bb.patch
    bsc1185385_CVE-2019-25034_a3545867.patch
    bsc1185386.7_CVE-2019-25035.6_fa23ee8f.patch
    bsc1185391.2_CVE-2019-25040.1_2d444a50.patch
    bsc1185389.90_CVE-2019-25038.9_02080f6b.patch
    bsc1185388_CVE-2019-25037_d2eb78e8.patch
    bsc1185393_CVE-2019-25042_6c3a0b54.patch
    bsc1179191_CVE-2020-28935_19f8f4d9.patch
  [jsc#PED-8333]