Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1991


Security update for unbound


Type: security
Severity: important
Issued: 2024-06-11
Description:
This update for unbound fixes the following issues:

unbound was updated to 1.20.0:

* A lot of bugfixes and added features.
  For a complete list take a look at the changelog located at:
  /usr/share/doc/packages/unbound/Changelog or
  https://www.nlnetlabs.nl/projects/unbound/download/

Some Noteworthy Changes:

* Removed DLV. The DLV has been decommisioned since unbound
  1.5.4 and has been advised to stop using it since. The use of
  dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after
  timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8

Security Fixes:
* CVE-2023-50387: DNSSEC verification complexity can be
  exploited to exhaust CPU resources and stall DNS resolvers.  [bsc#1219823]
* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.
  [bsc#1219826]
* CVE-2022-30698: Novel "ghost domain names" attack by
  introducing subdomain delegations.  [bsc#1202033]
* CVE-2022-30699: Novel "ghost domain names" attack by
  updating almost expired delegation information.  [bsc#1202031]
* CVE-2022-3204: NRDelegation attack leads to uncontrolled
  resource consumption (Non-Responsive Delegation Attack).  [bsc#1203643]

Packaging Changes:

* Use prefixes instead of sudo in unbound.service
* Remove no longer necessary BuildRequires: libfstrm-devel and
  libprotobuf-c-devel


              

Packages


  • unbound-1.20.0-150100.10.13.1