Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Ubuntu: 6665-1 Unbound Critical Update For Denial Of Service Risk

ubuntu
Calendar Grey February 28, 2024
Dist Ubuntu Esm H88
Major security flaws have been resolved for Ubuntu versions 23.10, 22.04, and 20.04 LTS, along with instructions for implementing necessary updates.
Several security issues were fixed in Unbound.

Summary

Several security issues were fixed in Unbound.

Software Description:

- unbound: validating, recursive, caching DNS resolver

Details:

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered

that Unbound incorrectly handled validating DNSSEC messages. A remote

attacker could possibly use this issue to cause Unbound to consume

resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Unbound incorrectly handled preparing an NSEC3

closest encloser proof. A remote attacker could possibly use this issue to

cause Unbound to consume resources, leading to a denial of service.

(CVE-2023-50868)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   libunbound8                     1.17.1-2ubuntu0.1
   unbound                         1.17.1-2ubuntu0.1

Ubuntu 22.04 LTS:
   libunbound8                     1.13.1-1ubuntu5.4
   unbound                         1.13.1-1ubuntu5.4

Ubuntu 20.04 LTS:
   libunbound8                     1.9.4-2ubuntu1.5
   unbound                         1.9.4-2ubuntu1.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6665-1

CVE-2023-50387, CVE-2023-50868

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6665-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.