Описание
Security update for unbound
This update for unbound fixes the following issues:
- CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889).
- CVE-2020-12663: Fixed an issue where malformed answers from upstream name servers could have been used to make unbound unresponsive (bsc#1171889).
- CVE-2019-18934: Fixed a vulnerability in the IPSec module which could have allowed code execution after receiving a special crafted answer (bsc#1157268).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libunbound2-1.6.8-3.6.1
unbound-anchor-1.6.8-3.6.1
unbound-devel-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libunbound2-1.6.8-3.6.1
unbound-anchor-1.6.8-3.6.1
unbound-devel-1.6.8-3.6.1
SUSE Linux Enterprise Server 15-LTSS
libunbound2-1.6.8-3.6.1
unbound-anchor-1.6.8-3.6.1
unbound-devel-1.6.8-3.6.1
SUSE Linux Enterprise Server for SAP Applications 15
libunbound2-1.6.8-3.6.1
unbound-anchor-1.6.8-3.6.1
unbound-devel-1.6.8-3.6.1
Ссылки
- Link for SUSE-SU-2020:1819-1
- E-Mail link for SUSE-SU-2020:1819-1
- SUSE Security Ratings
- SUSE Bug 1157268
- SUSE Bug 1171889
- SUSE CVE CVE-2019-18934 page
- SUSE CVE CVE-2020-12662 page
- SUSE CVE CVE-2020-12663 page
Описание
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libunbound2-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:unbound-anchor-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:unbound-devel-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:libunbound2-1.6.8-3.6.1
Ссылки
- CVE-2019-18934
- SUSE Bug 1157268
Описание
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libunbound2-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:unbound-anchor-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:unbound-devel-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:libunbound2-1.6.8-3.6.1
Ссылки
- CVE-2020-12662
- SUSE Bug 1171889
Описание
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libunbound2-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:unbound-anchor-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:unbound-devel-1.6.8-3.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:libunbound2-1.6.8-3.6.1
Ссылки
- CVE-2020-12663
- SUSE Bug 1171889