## This update for unbound fixes the following issues: * Update to 1.20.0: Features: * The config for discard-timeout, wait-limit, wait-limit-cookie, wait-limit- netblock and wait-limit-cookie-netblock was added, for the fix to the DNSBomb issue. * Merge GH#1027: Introduce 'cache-min-negative-ttl' option. * Merge GH#1043 from xiaoxiaoafeifei: Add loongarch support; updates config.guess(2024-01-01) and config.sub(2024-01-01), verified with upstream. * Implement cachedb-check-when-serve-expired: yes option, default is enabled. When serve expired is enabled with cachedb, it first checks cachedb before serving the expired response. * Fix GH#876: [FR] can unbound-checkconf be silenced when configuration is valid? Bug Fixes: * Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang
* bsc#1215628
* bsc#1219823
* bsc#1219826
* bsc#1221164
Cross-
* CVE-2023-50387
* CVE-2023-50868
* CVE-2024-1931
* CVE-2024-33655
CVSS scores:
* CVE-2023-50387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-1931 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-1931 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-1931 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Get the latest Linux and open source security news straight to your inbox.