Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Unbound
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Unbound
ID: USN-4374-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 19.10, Ubuntu 20.04 LTS
Datum: Mi, 27. Mai 2020, 19:21
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12662
Applikationen: Unbound

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3857502133156478276==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="BaIWnXuXMFNnY0gHa8I5FPbuEe704qrt8"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--BaIWnXuXMFNnY0gHa8I5FPbuEe704qrt8
Content-Type: multipart/mixed;
boundary="Er8oWSD9s0OK31BTpgLmy6JjC6Q3VzfCK"

--Er8oWSD9s0OK31BTpgLmy6JjC6Q3VzfCK
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4374-1
May 27, 2020

unbound vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Unbound.

Software Description:
- unbound: validating, recursive, caching DNS resolver

Details:

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound
incorrectly handled certain queries. A remote attacker could use this issue
to perform an amplification attack directed at a target. (CVE-2020-12662)

It was discovered that Unbound incorrectly handled certain malformed
answers. A remote attacker could possibly use this issue to cause Unbound
to crash, resulting in a denial of service. (CVE-2020-12663)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libunbound8 1.9.4-2ubuntu1.1
unbound 1.9.4-2ubuntu1.1

Ubuntu 19.10:
libunbound8 1.9.0-2ubuntu1.1
unbound 1.9.0-2ubuntu1.1

Ubuntu 18.04 LTS:
libunbound2 1.6.7-1ubuntu2.3
unbound 1.6.7-1ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4374-1
CVE-2020-12662, CVE-2020-12663

Package Information:
https://launchpad.net/ubuntu/+source/unbound/1.9.4-2ubuntu1.1
https://launchpad.net/ubuntu/+source/unbound/1.9.0-2ubuntu1.1
https://launchpad.net/ubuntu/+source/unbound/1.6.7-1ubuntu2.3


--Er8oWSD9s0OK31BTpgLmy6JjC6Q3VzfCK--

--BaIWnXuXMFNnY0gHa8I5FPbuEe704qrt8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl7OkhwACgkQZWnYVadE
vpNavg/+NO0mUhpLR9XT5eVPOETA5O0lA2zBdGIxm6w7A63FHLaUEgNKu4Ux9/Vf
zhzHqGyfuVAJki8YzoXErvXGjZfcpoqZtTPGZi66Kdgu/ISjKDmw87Q6525TIOWg
75Tm921g/PF1Vvs+uT3e1GC33vUYN5mDtwQWIKbbSPnpv9cdUdafI5+4PtUNVKCh
C1aBMyInxbpVJaj8Ehg/vR5js/vY+5xbQDcu9pOiJIw09J3K7D39ImmwsmG/LIqd
iWfKGs6CPE7Xw4CPurijMYnvgak22MbVLu11TmZye9GhF2VHnZguVVeZEzgXcZQr
Xeo7sWDJhnCP/+vMIZ7yER0hPwIIJa5I6eY57C/2XrS/A8rYwPvwSMp35D/ei1w8
abArusUL8+Zyu8kpcNNpZEqgQ50ehXQYFmdkLF4o37vaLNGsW+J2AByJc88zKhL7
RI+YZ4oRzPgNvmBpAHyICKQTSb6tJIg8rnXKraNWHN6KeX0RTnAtTRzdaRJEmxvj
/QeH8A0T7tdHeYNZ+UBuNsmYbKNleH586ZYIJ8Vnc+a8/RNGPCeZaNXOgEfERQ8w
wWa+nes77d/iZDXOIAm36rLwkkhUb6sIfofh2KKRsS5/nK6M5kFY2+WChJd/LIaI
n/K/1KUmXWIHccd+yDEuI1LTRcIFJ8VceBGE++l9dzglpsmRq3A=
=XUlH
-----END PGP SIGNATURE-----

--BaIWnXuXMFNnY0gHa8I5FPbuEe704qrt8--


--===============3857502133156478276==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============3857502133156478276==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung