Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Fedora 32: Unbound DoS and Loop Risks Critical Advisory

fedora
Calendar Grey May 23, 2020
Dist Fedora Esm H88
Fedora 32 is releasing a crucial update addressing Unbound DNS resolver vulnerabilities, enhancing security against DoS attacks and fixing malformed DNS responses.
Security fix for CVE-2020-12662 and CVE-2020-12663

Summary

Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet

Labs. It is based on ideas and algorithms taken from a java prototype

developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also

DNSSEC (secure DNS) validation and stub-resolvers (that do not run

as a server, but are linked into an application) are easily possible.

Security fix for CVE-2020-12662 and CVE-2020-12663

* Tue May 19 2020 Paul Wouters - 1.10.1-1

- Resolves: rhbz#1837279 unbound-1.10.1 is available

- Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS

- Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers

- Updated unbound.conf for new options in 1.10.1

[ 1 ] Bug #1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target

https://bugzilla.redhat.com/show_bug.cgi?id=1837597

[ 2 ] Bug #1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers

https://bugzilla.redhat.com/show_bug.cgi?id=1837604

su -c 'dnf upgrade --advisory FEDORA-2020-3cfd38fefd' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora critical DoS network management unbound malformed DNS

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 32
Version: 1.10.1
Release: 1.fc32
URL: https://nlnetlabs.nl/projects/unbound/about/
Summary: Validating, recursive, and caching DNS(SEC) resolver

Topics%20covered

Topics Covered

security advisory fedora critical DoS network management unbound malformed DNS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here