Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-0837

Опубликовано: 30 янв. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-0837: unbound security update (IMPORTANT)

[1.16.2-5.8]

  • Prevent unbounded name compression (CVE-2024-8508)

[1.16.2-5.7]

  • Rebuild to propagate to CentOS Stream (RHEL-25500)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

python3-unbound

1.16.2-5.8.el8_10

unbound

1.16.2-5.8.el8_10

unbound-devel

1.16.2-5.8.el8_10

unbound-libs

1.16.2-5.8.el8_10

Oracle Linux x86_64

python3-unbound

1.16.2-5.8.el8_10

unbound

1.16.2-5.8.el8_10

unbound-devel

1.16.2-5.8.el8_10

unbound-libs

1.16.2-5.8.el8_10

Связанные CVE

CVE-2024-1488
CVE-2024-8508

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2025:0837

rocky
9 месяцев назад

Important: unbound security update

ubuntu логотип

CVE-2024-1488

CVSS3: 8
ubuntu
больше 1 года назад

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

redhat логотип

CVE-2024-1488

CVSS3: 8
redhat
больше 1 года назад

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

nvd логотип

CVE-2024-1488

CVSS3: 8
nvd
больше 1 года назад

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

debian логотип

CVE-2024-1488

CVSS3: 8
debian
больше 1 года назад

A vulnerability was found in Unbound due to incorrect default permissi ...