
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: unbound security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:7622-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7622
Issue date:        2022-11-08
CVE Names:         CVE-2022-30698 CVE-2022-30699 
====================================================================
1. Summary:

An update for unbound is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.

The following packages have been upgraded to a later upstream version:
unbound (1.16.2). (BZ#2027735)

Security Fix(es):

* unbound: the novel ghost domain attack, where malicious users can trigger
continued resolvability of malicious domain names (CVE-2022-30698)

* unbound: novel ghost domain attack where malicious users can trigger
continued resolvability of malicious domain names (CVE-2022-30699)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1959468 - unbound-keygen needs to be stopped
2018806 - unbound-keygen requires openssl [rhel8]
2023549 - unbound support for RFC 8767
2027735 - [RFE] Rebase unbound to latest stable release
2038251 - AVC denials recorded for fsetid while running unbound with local socket, though it (unbound-control) still works!
2081958 - chroot functionality isn't available in unbound-1.7.3 in RHEL8
2116725 - CVE-2022-30698 unbound: the novel ghost domain attack, where malicious users can trigger continued resolvability of malicious domain names
2116729 - CVE-2022-30699 unbound: novel ghost domain attack where malicious users can trigger continued resolvability of malicious domain names

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
unbound-1.16.2-2.el8.src.rpm

aarch64:
python3-unbound-1.16.2-2.el8.aarch64.rpm
python3-unbound-debuginfo-1.16.2-2.el8.aarch64.rpm
unbound-1.16.2-2.el8.aarch64.rpm
unbound-debuginfo-1.16.2-2.el8.aarch64.rpm
unbound-debugsource-1.16.2-2.el8.aarch64.rpm
unbound-devel-1.16.2-2.el8.aarch64.rpm
unbound-libs-1.16.2-2.el8.aarch64.rpm
unbound-libs-debuginfo-1.16.2-2.el8.aarch64.rpm

ppc64le:
python3-unbound-1.16.2-2.el8.ppc64le.rpm
python3-unbound-debuginfo-1.16.2-2.el8.ppc64le.rpm
unbound-1.16.2-2.el8.ppc64le.rpm
unbound-debuginfo-1.16.2-2.el8.ppc64le.rpm
unbound-debugsource-1.16.2-2.el8.ppc64le.rpm
unbound-devel-1.16.2-2.el8.ppc64le.rpm
unbound-libs-1.16.2-2.el8.ppc64le.rpm
unbound-libs-debuginfo-1.16.2-2.el8.ppc64le.rpm

s390x:
python3-unbound-1.16.2-2.el8.s390x.rpm
python3-unbound-debuginfo-1.16.2-2.el8.s390x.rpm
unbound-1.16.2-2.el8.s390x.rpm
unbound-debuginfo-1.16.2-2.el8.s390x.rpm
unbound-debugsource-1.16.2-2.el8.s390x.rpm
unbound-devel-1.16.2-2.el8.s390x.rpm
unbound-libs-1.16.2-2.el8.s390x.rpm
unbound-libs-debuginfo-1.16.2-2.el8.s390x.rpm

x86_64:
python3-unbound-1.16.2-2.el8.x86_64.rpm
python3-unbound-debuginfo-1.16.2-2.el8.i686.rpm
python3-unbound-debuginfo-1.16.2-2.el8.x86_64.rpm
unbound-1.16.2-2.el8.x86_64.rpm
unbound-debuginfo-1.16.2-2.el8.i686.rpm
unbound-debuginfo-1.16.2-2.el8.x86_64.rpm
unbound-debugsource-1.16.2-2.el8.i686.rpm
unbound-debugsource-1.16.2-2.el8.x86_64.rpm
unbound-devel-1.16.2-2.el8.i686.rpm
unbound-devel-1.16.2-2.el8.x86_64.rpm
unbound-libs-1.16.2-2.el8.i686.rpm
unbound-libs-1.16.2-2.el8.x86_64.rpm
unbound-libs-debuginfo-1.16.2-2.el8.i686.rpm
unbound-libs-debuginfo-1.16.2-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30698
https://access.redhat.com/security/cve/CVE-2022-30699
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
