—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
=====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Moderate: unbound security update
\nAdvisory ID: RHSA-2022:0632-01
\nProduct: Red Hat Enterprise Linux
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0632
\nIssue date: 2022-02-22
\nCVE Names: CVE-2019-25032 CVE-2019-25034 CVE-2019-25035
\nCVE-2019-25036 CVE-2019-25037 CVE-2019-25038
\nCVE-2019-25039 CVE-2019-25040 CVE-2019-25041
\nCVE-2019-25042 CVE-2020-28935
\n=====================================================================<\/p>\n
1. Summary:<\/p>\n
An update for unbound is now available for Red Hat Enterprise Linux 8.2
\nExtended Update Support.<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n
2. Relevant releases\/architectures:<\/p>\n
Red Hat Enterprise Linux AppStream EUS (v. 8.2) – aarch64, ppc64le, s390x, x86_64<\/p>\n
3. Description:<\/p>\n
The unbound packages provide a validating, recursive, and caching DNS or
\nDNSSEC resolver.<\/p>\n
Security Fix(es):<\/p>\n
* unbound: integer overflow in the regional allocator via regional_alloc
\n(CVE-2019-25032)<\/p>\n
* unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to
\nan out-of-bounds write (CVE-2019-25034)<\/p>\n
* unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)<\/p>\n
* unbound: assertion failure and denial of service in synth_cname
\n(CVE-2019-25036)<\/p>\n
* unbound: assertion failure and denial of service in dname_pkt_copy via an
\ninvalid packet (CVE-2019-25037)<\/p>\n
* unbound: integer overflow in a size calculation in dnscrypt\/dnscrypt.c
\n(CVE-2019-25038)<\/p>\n
* unbound: integer overflow in a size calculation in respip\/respip.c
\n(CVE-2019-25039)<\/p>\n
* unbound: infinite loop via a compressed name in dname_pkt_copy
\n(CVE-2019-25040)<\/p>\n
* unbound: assertion failure via a compressed name in dname_pkt_copy
\n(CVE-2019-25041)<\/p>\n
* unbound: out-of-bounds write via a compressed name in rdata_copy
\n(CVE-2019-25042)<\/p>\n
* unbound: symbolic link traversal when writing PID file (CVE-2020-28935)<\/p>\n
For more details about the security issue(s), including the impact, a CVSS
\nscore, acknowledgments, and other related information, refer to the CVE
\npage(s) listed in the References section.<\/p>\n
4. Solution:<\/p>\n
For details on how to apply this update, which includes the changes
\ndescribed in this advisory, refer to:<\/p>\n
https:\/\/access.redhat.com\/articles\/11258<\/p>\n
5. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
1878761 – CVE-2020-28935 unbound: symbolic link traversal when writing PID file
\n1954772 – CVE-2019-25032 unbound: integer overflow in the regional allocator via regional_alloc
\n1954778 – CVE-2019-25034 unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write
\n1954780 – CVE-2019-25035 unbound: out-of-bounds write in sldns_bget_token_par
\n1954782 – CVE-2019-25036 unbound: assertion failure and denial of service in synth_cname
\n1954794 – CVE-2019-25037 unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet
\n1954796 – CVE-2019-25038 unbound: integer overflow in a size calculation in dnscrypt\/dnscrypt.c
\n1954797 – CVE-2019-25039 unbound: integer overflow in a size calculation in respip\/respip.c
\n1954799 – CVE-2019-25040 unbound: infinite loop via a compressed name in dname_pkt_copy
\n1954801 – CVE-2019-25041 unbound: assertion failure via a compressed name in dname_pkt_copy
\n1954804 – CVE-2019-25042 unbound: out-of-bounds write via a compressed name in rdata_copy<\/p>\n
6. Package List:<\/p>\n
Red Hat Enterprise Linux AppStream EUS (v. 8.2):<\/p>\n
Source:
\nunbound-1.7.3-12.el8_2.src.rpm<\/p>\n
aarch64:
\npython3-unbound-1.7.3-12.el8_2.aarch64.rpm
\npython3-unbound-debuginfo-1.7.3-12.el8_2.aarch64.rpm
\nunbound-1.7.3-12.el8_2.aarch64.rpm
\nunbound-debuginfo-1.7.3-12.el8_2.aarch64.rpm
\nunbound-debugsource-1.7.3-12.el8_2.aarch64.rpm
\nunbound-devel-1.7.3-12.el8_2.aarch64.rpm
\nunbound-libs-1.7.3-12.el8_2.aarch64.rpm
\nunbound-libs-debuginfo-1.7.3-12.el8_2.aarch64.rpm<\/p>\n
ppc64le:
\npython3-unbound-1.7.3-12.el8_2.ppc64le.rpm
\npython3-unbound-debuginfo-1.7.3-12.el8_2.ppc64le.rpm
\nunbound-1.7.3-12.el8_2.ppc64le.rpm
\nunbound-debuginfo-1.7.3-12.el8_2.ppc64le.rpm
\nunbound-debugsource-1.7.3-12.el8_2.ppc64le.rpm
\nunbound-devel-1.7.3-12.el8_2.ppc64le.rpm
\nunbound-libs-1.7.3-12.el8_2.ppc64le.rpm
\nunbound-libs-debuginfo-1.7.3-12.el8_2.ppc64le.rpm<\/p>\n
s390x:
\npython3-unbound-1.7.3-12.el8_2.s390x.rpm
\npython3-unbound-debuginfo-1.7.3-12.el8_2.s390x.rpm
\nunbound-1.7.3-12.el8_2.s390x.rpm
\nunbound-debuginfo-1.7.3-12.el8_2.s390x.rpm
\nunbound-debugsource-1.7.3-12.el8_2.s390x.rpm
\nunbound-devel-1.7.3-12.el8_2.s390x.rpm
\nunbound-libs-1.7.3-12.el8_2.s390x.rpm
\nunbound-libs-debuginfo-1.7.3-12.el8_2.s390x.rpm<\/p>\n
x86_64:
\npython3-unbound-1.7.3-12.el8_2.x86_64.rpm
\npython3-unbound-debuginfo-1.7.3-12.el8_2.i686.rpm
\npython3-unbound-debuginfo-1.7.3-12.el8_2.x86_64.rpm
\nunbound-1.7.3-12.el8_2.x86_64.rpm
\nunbound-debuginfo-1.7.3-12.el8_2.i686.rpm
\nunbound-debuginfo-1.7.3-12.el8_2.x86_64.rpm
\nunbound-debugsource-1.7.3-12.el8_2.i686.rpm
\nunbound-debugsource-1.7.3-12.el8_2.x86_64.rpm
\nunbound-devel-1.7.3-12.el8_2.i686.rpm
\nunbound-devel-1.7.3-12.el8_2.x86_64.rpm
\nunbound-libs-1.7.3-12.el8_2.i686.rpm
\nunbound-libs-1.7.3-12.el8_2.x86_64.rpm
\nunbound-libs-debuginfo-1.7.3-12.el8_2.i686.rpm
\nunbound-libs-debuginfo-1.7.3-12.el8_2.x86_64.rpm<\/p>\n
These packages are GPG signed by Red Hat for security. Our key and
\ndetails on how to verify the signature are available from
\nhttps:\/\/access.redhat.com\/security\/team\/key\/<\/p>\n
7. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2019-25032
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25034
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25035
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25036
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25037
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25038
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25039
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25040
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25041
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2019-25042
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2020-28935
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate<\/p>\n
8. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIVAwUBYhVgaNzjgjWX9erEAQhDog\/\/aiNDt8kdeS4soim5HpKUf1ypyo7UA2MW
\nJDDPpGTbYLfvu3lVPQAcUfaIBT5mvuXLOnAd5PwdBWyCbXXEiDr7KAz0anj1zrcf
\nYu6V6cpKjsDIa\/TkVNq3eB8fMC7UGWa1nKwuvnlk8ZbLpBW\/OeiBWbj\/\/cmECsKB
\ni9B7YsLq12nwLj6Fyg1okN3GuY8UDvBbg4EMBSdTayUuAxzkPi5O2dFftIejeugA
\nAu7O5B2ynjuGbeOWvvW++qP5+z+bE00w4zY7sHQUZ5zGgdR8wcDAH4RoBRWfUmey
\nEzPi6XdS3MKcsjLHt7f6QhggtoUbpLuTu2IJP5JAn53VgrwVm78mLD8AsJcoxIAM
\nlDqE9eoEloIooLbTk9Xie\/fdhfbD5ZZnZWUEfdwRs3v7pCmhbPGeLvUfoG1\/JtYb
\n6lMrft28M7x7iKneDDouUO3UgamZVR7zoe5smjhbXTKiLFbBpJGdbe\/ci7Gh7ss+
\n7f3H8keS+bvbiwg19V8G77jLmpi6Hl6QChw15T6oG8AMsOFzGI5ZNSgog1DOMgqo
\nsVegT\/lSQntBXlGP+KUhL2Bj6EJLjY6I7Qw1rJijYKnCEtLZffMysKiiF5AyI+pS
\nGs5ntmp9FpD94k++yLpgPyaA9xoyJnS3CQ\/jfjARoj7haFJuO5bl49H4A6cLHJrR
\nEYSdpkjZRxI=
\n=Dn\/C
\n—–END PGP SIGNATURE—–<\/p>\n
—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: unbound security update Advisory ID: RHSA-2022:0632-01 Product: Red Hat Enterprise Linux Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0632 Issue date: 2022-02-22 CVE Names: CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-28935 ===================================================================== 1. Summary: An update for unbound is now available for Red …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-21032","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=21032"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21032\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=21032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=21032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=21032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}