Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE: 2025:20024-1 important: unbound DoS and DNSBomb fixes

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
SUSE release notes tackle severe unbound vulnerabilities, bolstering security measures. Ensure safety with updates countering critical risks.
* bsc#1215628 * bsc#1219823 * bsc#1219826 * bsc#1221164

Summary

## This update for unbound fixes the following issues: * Update to 1.20.0: Features: * The config for discard-timeout, wait-limit, wait-limit-cookie, wait-limit- netblock and wait-limit-cookie-netblock was added, for the fix to the DNSBomb issue. * Merge GH#1027: Introduce 'cache-min-negative-ttl' option. * Merge GH#1043 from xiaoxiaoafeifei: Add loongarch support; updates config.guess(2024-01-01) and config.sub(2024-01-01), verified with upstream. * Implement cachedb-check-when-serve-expired: yes option, default is enabled. When serve expired is enabled with cachedb, it first checks cachedb before serving the expired response. * Fix GH#876: [FR] can unbound-checkconf be silenced when configuration is valid? Bug Fixes: * Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang

References

* bsc#1215628

* bsc#1219823

* bsc#1219826

* bsc#1221164

Cross-

* CVE-2023-50387

* CVE-2023-50868

* CVE-2024-1931

* CVE-2024-33655

CVSS scores:

* CVE-2023-50387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-50868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-1931 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-1931 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-1931 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20024-1
Release Date: 2025-02-03T08:50:21Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here