-
unbound (1.6.7-1ubuntu2.6) bionic-security; urgency=medium
  * SECURITY UPDATE: Non-Responsive Delegation Attack
    - debian/patches/CVE-2022-3204.patch: limit number of lookups in
      iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c,
      services/cache/dns.c, services/mesh.*.
    - CVE-2022-3204
 -- Marc Deslauriers <email address hidden>  Tue, 15 Nov 2022 15:07:17 -0500
-
unbound (1.6.7-1ubuntu2.5) bionic-security; urgency=medium
  * SECURITY UPDATE: Ghost domain names issues
    - debian/patches/CVE-2022-3069x-pre1.patch: fix that cachedb could
      return a partial CNAME chain in cachedb/cachedb.c,
      iterator/iterator.c, services/cache/dns.c, services/cache/dns.h.
    - debian/patches/CVE-2022-3069x-pre2.patch: backport a version of the
      iter_stub_fwd_no_cache function in iterator/iter_utils.c,
      iterator/iter_utils.h.
    - debian/patches/CVE-2022-3069x-pre3.patch: fix that nxdomain synthesis
      does not happen above the stub or forward definition in
      cachedb/cachedb.c, iterator/iter_utils.c, iterator/iter_utils.h,
      iterator/iterator.c, services/cache/dns.c, services/cache/dns.h.
    - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
      issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
      dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i,
      pythonmod/pythonmod_utils.c, services/cache/dns.c,
      services/cache/dns.h, services/mesh.c,
      testdata/iter_prefetch_change.rpl, util/module.h,
      validator/validator.c.
    - CVE-2022-30698
    - CVE-2022-30699
 -- Marc Deslauriers <email address hidden>  Thu, 04 Aug 2022 07:56:04 -0400
-
unbound (1.6.7-1ubuntu2.4) bionic-security; urgency=medium
  * SECURITY UPDATE: configuration injection via MITM
    - debian/patches/CVE-2019-25031.patch: use https, remove special
      characters in contrib/create_unbound_ad_servers.sh.
    - CVE-2019-25031
  * SECURITY UPDATE: integer overflows in the regional allocator
    - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in,
      configure, configure.ac, util/regional.c.
    - CVE-2019-25032
    - CVE-2019-25033
  * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin
    - debian/patches/CVE-2019-25034.patch: check lengths in
      sldns/str2wire.c.
    - CVE-2019-25034
  * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par
    - debian/patches/CVE-2019-25035.patch: check for space in
      sldns/parse.c.
    - CVE-2019-25035
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25036.patch: validate lengths in
      iterator/iter_scrub.c.
    - CVE-2019-25036
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25037.patch: validate length in
      util/data/dname.c.
    - CVE-2019-25037
  * SECURITY UPDATE: integer overflow in a size calculation
    - debian/patches/CVE-2019-25038.patch: check for overflows in
      dnscrypt/dnscrypt.c, respip/respip.c.
    - CVE-2019-25038
    - CVE-2019-25039
  * SECURITY UPDATE: infinite loop and assertion fail via compressed name
    - debian/patches/CVE-2019-25040.patch: validate compression pointers in
      util/data/dname.c.
    - CVE-2019-25040
    - CVE-2019-25041
  * SECURITY UPDATE: out-of-bounds write via a compressed name
    - debian/patches/CVE-2019-25042.patch: move assert in
      util/data/msgreply.c.
    - CVE-2019-25042
  * SECURITY UPDATE: incorrect PID file handling
    - debian/patches/CVE-2020-28935.patch: check for symlinks in
      daemon/unbound.c.
    - CVE-2020-28935
  * debian/patches: rename debian-changes to misc-changes.patch.
 -- Marc Deslauriers <email address hidden>  Wed, 05 May 2021 07:38:50 -0400
-
unbound (1.6.7-1ubuntu2.3) bionic-security; urgency=medium
  * SECURITY UPDATE: amplification attack and denial of service
    - debian/patches/CVE-2020-1226x.patch: fix iterator logic in
      iterator/iter_delegpt.c, iterator/iter_delegpt.h,
      iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c,
      iterator/iterator.h, services/cache/dns.c, util/data/dname.c,
      util/data/msgparse.c.
    - CVE-2020-12263
    - CVE-2020-12264
 -- Marc Deslauriers <email address hidden>  Fri, 22 May 2020 09:11:45 -0400
-
unbound (1.6.7-1ubuntu2.2) bionic; urgency=medium
  * d/p/lp-1788622-fix-systemd-reload.patch: Fix hang due to all worker threads
    stopping on reload (LP: #1788622)
 -- Christian Ehrhardt <email address hidden>  Mon, 27 Aug 2018 14:12:29 +0200
-
unbound (1.6.7-1ubuntu2.1) bionic-security; urgency=medium
  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105
 -- Simon Deziel <email address hidden>  Mon, 28 May 2018 02:38:19 +0000
-
unbound (1.6.7-1ubuntu2) bionic; urgency=medium
  * debian/apparmor-profile: add capabilities to chown/chmod Unix
    control socket and allow reading /var/lib/sss/mc/initgroups
    (Closes: #891705, LP: #1749931)
 -- Simon Deziel <email address hidden>  Tue, 27 Feb 2018 21:31:49 -0500
-
unbound (1.6.7-1ubuntu1) bionic; urgency=medium
  * debian/apparmor: update to allow writing to /run/systemd/notify
    (Closes: #867186, LP: #1723900)
 -- Jamie Strandboge <email address hidden>  Thu, 22 Feb 2018 19:35:23 +0000
-
unbound (1.6.7-1build1) bionic; urgency=high
  * No change rebuild against openssl1.1.
 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 23:29:28 +0000
-
unbound (1.6.7-1) unstable; urgency=medium
  * New upstream version 1.6.7
 -- Robert Edmonds <email address hidden>  Sun, 15 Oct 2017 17:46:46 -0400
-
unbound (1.6.5-1) unstable; urgency=high
  [ Robert Edmonds ]
  * New upstream version 1.6.5
    - Fix install of trust anchor when two anchors are present, makes both
      valid. Checks hash of DS but not signature of new key. This fixes
      installs between sep11 and oct11 2017.
  * debian/rules: Enable EDNS Client Subnet in daemon
  [ Simon Deziel ]
  * debian/unbound.service: Set PIDFile= (Closes: #867192)
  [ Antony Antony ]
  * debian/rules: Enable libevent for libunbound2 API (Closes: #871675)
 -- Robert Edmonds <email address hidden>  Tue, 22 Aug 2017 22:50:56 -0400