Описание
ELSA-2024-1751: unbound security update (IMPORTANT)
[1.16.2-5.6]
- Rebuilt again with z-stream target
[1.16.2-5.5]
- Correct typo in new config file
[1.16.2-5.4]
- Ensure group access correction reaches also updated configs (CVE-2024-1488)
[1.16.2-5.3]
- Ensure only unbound group can change configuration (CVE-2024-1488)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
python3-unbound
1.16.2-5.el8_9.6
unbound
1.16.2-5.el8_9.6
unbound-devel
1.16.2-5.el8_9.6
unbound-libs
1.16.2-5.el8_9.6
Oracle Linux x86_64
python3-unbound
1.16.2-5.el8_9.6
unbound
1.16.2-5.el8_9.6
unbound-devel
1.16.2-5.el8_9.6
unbound-libs
1.16.2-5.el8_9.6
Связанные CVE
Связанные уязвимости
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
A vulnerability was found in Unbound due to incorrect default permissi ...
