Описание
ELSA-2024-1750: unbound security update (IMPORTANT)
[1.16.2-3.5]
- Rebuilt again with z-stream target
[1.16.2-3.4]
- Correct typo in new config file
[1.16.2-3.3]
- Ensure group access correction reaches also updated configs (CVE-2024-1488)
[1.16.2-3.2]
- Ensure only unbound group can change configuration (CVE-2024-1488)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
python3-unbound
1.16.2-3.el9_3.5
unbound
1.16.2-3.el9_3.5
unbound-devel
1.16.2-3.el9_3.5
unbound-libs
1.16.2-3.el9_3.5
Oracle Linux x86_64
python3-unbound
1.16.2-3.el9_3.5
unbound
1.16.2-3.el9_3.5
unbound-devel
1.16.2-3.el9_3.5
unbound-libs
1.16.2-3.el9_3.5
Связанные CVE
Связанные уязвимости
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
A vulnerability was found in Unbound due to incorrect default permissi ...
