Описание
Moderate: unbound security, bug fix, and enhancement update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
The following packages have been upgraded to a later upstream version: unbound (1.16.2). (BZ#2027735)
Security Fix(es):
-
unbound: the novel ghost domain where malicious users to trigger continued resolvability of malicious domain names (CVE-2022-30698)
-
unbound: novel ghost domain attack where malicious users to trigger continued resolvability of malicious domain names (CVE-2022-30699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1959468
- Red Hat - 2018806
- Red Hat - 2023549
- Red Hat - 2027735
- Red Hat - 2038251
- Red Hat - 2081958
- Red Hat - 2116725
- Red Hat - 2116729
Связанные уязвимости
ELSA-2022-8062: unbound security, bug fix, and enhancement update (MODERATE)
ELSA-2022-7622: unbound security, bug fix, and enhancement update (MODERATE)
Уязвимость DNS-сервера Unbound, связанная с неверным сроком действия сеанса, позволяющая нарушителю получить доступ к конфиденциальным данным
Уязвимость DNS-сервера Unbound, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании