
SUSE: 2024:1991-2 Important: Unbound DoS and Resource Exhaustion Advisory

August 1, 2024
This SUSE security update for unbound addresses denial-of-service and resource-exhaustion issues.

Summary

This update for unbound fixes the following issues:

unbound was updated to 1.20.0:

* A lot of bugfixes and added features. For a complete list, see the changelog at /usr/share/doc/packages/unbound/Changelog or https://www.nlnetlabs.nl/projects/unbound/download/

Some Noteworthy Changes:

* Removed DLV. DLV has been decommissioned since unbound 1.5.4, and users have been advised to stop using it since then. Using dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8

Security Fixes:

* CVE-2023-50387: DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823]
*

References

* bsc#1202031

* bsc#1202033

* bsc#1203643

* bsc#1219823

* bsc#1219826

* jsc#PED-8333

Cross-References:

* CVE-2022-30698

* CVE-2022-30699

* CVE-2022-3204

* CVE-2023-50387

* CVE-2023-50868

CVSS scores:

* CVE-2022-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2022-30698 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2022-30699 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2022-30699 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2022-3204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-3204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important

Announcement ID: SUSE-SU-2024:1991-2
Rating: important
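
A post-update check for the changes listed in the summary, as an added example that is not part of the SUSE advisory: it compares the installed package version against 1.20.0 field by field (a plain string comparison would rank 1.9.1 above 1.20.0) and lists active DLV options, which now produce a warning. It assumes an RPM-based host; the option names `dlv-anchor` and `dlv-anchor-file` come from unbound.conf(5), not from this page, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: post-update audit for the unbound update described above.
FIXED_VERSION="1.20.0"   # version this advisory updates unbound to

# version_ge A B: succeed when dotted version A >= B, compared numerically
# field by field; an RPM release suffix after "-" is ignored.
version_ge() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# dlv_options FILE...: print file:line:text for every active (uncommented)
# dlv-anchor / dlv-anchor-file setting (names assumed from unbound.conf(5)).
# /dev/null forces grep to print file names; always returns 0.
dlv_options() {
    grep -nE '^[[:space:]]*dlv-anchor(-file)?[[:space:]]*:' "$@" /dev/null \
        2>/dev/null || true
}

# audit FILE...: report the package version and any DLV leftovers.
# Assumes an RPM-based host; config file paths are supplied by the caller.
audit() {
    installed=$(rpm -q --qf '%{VERSION}' unbound 2>/dev/null) || installed=""
    if [ -z "$installed" ]; then
        echo "unbound: package not installed or rpm unavailable"
    elif version_ge "$installed" "$FIXED_VERSION"; then
        echo "unbound $installed: at or above $FIXED_VERSION"
    else
        echo "unbound $installed: older than $FIXED_VERSION, update pending"
    fi
    hits=$(dlv_options "$@")
    if [ -n "$hits" ]; then
        echo "DLV options still configured (these now display a warning):"
        echo "$hits"
    fi
}

# Run only when asked: sh script.sh --audit <config files>
if [ "${1:-}" = "--audit" ]; then shift; audit "$@"; fi
```
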
