Описание
Moderate: unbound security, bug fix, and enhancement update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
The following packages have been upgraded to a later upstream version: unbound (1.16.2). (BZ#2087120)
Security Fix(es):
-
unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30698)
-
unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 9
Связанные CVE
Исправления
- Red Hat - 1981415
- Red Hat - 2056116
- Red Hat - 2071543
- Red Hat - 2071943
- Red Hat - 2079548
- Red Hat - 2087120
- Red Hat - 2094336
- Red Hat - 2116725
- Red Hat - 2116729
- Red Hat - 2116802
Связанные уязвимости
ELSA-2022-8062: unbound security, bug fix, and enhancement update (MODERATE)
ELSA-2022-7622: unbound security, bug fix, and enhancement update (MODERATE)
Уязвимость DNS-сервера Unbound, связанная с неверным сроком действия сеанса, позволяющая нарушителю получить доступ к конфиденциальным данным
Уязвимость DNS-сервера Unbound, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании