Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 22.04 LTS USN-5569-1 Moderate: Unbound Domain Caching Issue

ubuntu
Calendar Grey August 16, 2022
Dist Ubuntu Esm H88
The notice details vulnerabilities linked to Unbound's caching mechanisms. Apply security updates to the impacted Ubuntu releases urgently.
Unbound could be made to cache rogue domain names.

Summary

Unbound could be made to cache rogue domain names.

Software Description:

- unbound: validating, recursive, caching DNS resolver

Details:

Xiang Li discovered that Unbound incorrectly handled delegation caching.

A remote attacker could use this issue to keep rogue domain names

resolvable long after they have been revoked.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libunbound8                     1.13.1-1ubuntu5.1
  unbound                         1.13.1-1ubuntu5.1

Ubuntu 20.04 LTS:
  libunbound8                     1.9.4-2ubuntu1.3
  unbound                         1.9.4-2ubuntu1.3

Ubuntu 18.04 LTS:
  libunbound2                     1.6.7-1ubuntu2.5
  unbound                         1.6.7-1ubuntu2.5

In general, a standard system update will make all the necessary changes.

References

CVE-2022-30698, CVE-2022-30699

Severity
important
Lowest
Low
Medium
High
Critical

August 16, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.