[SECURITY] [DLA 1264-1] unbound security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1264-1] unbound security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 30 Jan 2018 17:42:07 +0100
Message-id: <[🔎] 85a66f37-a5d5-4dd0-dfc6-4ca138bbe8cd@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : unbound
Version        : 1.4.17-3+deb7u3
CVE ID         : CVE-2017-15105
Debian Bug     : 887733

Ralph Dolmans and Karst Koymans found a flaw in the way unbound
validated wildcard-synthesized NSEC records. An improperly validated
wildcard NSEC record could be used to prove the non-existence
(NXDOMAIN answer) of an existing wildcard record, or trick unbound
into accepting a NODATA proof.

For more information please refer to the upstream advisory at
https://unbound.net/downloads/CVE-2017-15105.txt.

For Debian 7 "Wheezy", these problems have been fixed in version
1.4.17-3+deb7u3.

We recommend that you upgrade your unbound packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlpwoF9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSEUg//Sk8o+S3Zb58UxdQpMVdyxDjlFY+zbLSwGf/8OBU4eN8zVWix/zu/Wd5r
2uQ+KFRY/2e3ORTdzBas9Rgf5lB5fzQ8215kzadjY7zXVUHX/C9kI1Eu5EH1xFZQ
AIBwSh/AVG/Pn6YqTQUR8hq0lvBo16Y7Xd44qcGAjISKORjZyWq7ucPyQFGz7aTi
/AMGauGgC99PG2xe4P08XkFeG4VOAkA3rEisA0qjrkgfb63pkfpVwLMVCCGsK7sZ
daJ/WRWrKohC+HJiAzRWGkP3FwhoYMvPQVcYyqW5KfZzaHQANQWvvIRr9NB/VZgp
R8WspOXK+zXW85E1+WUPm3BEJlm0fN29rDeWluPwlt/20wSLGPvI+v+qsxjrF8w/
bxnybnRFjDg6WQn2hj4aYhT+Ao9j6mmcrxYrF1fSjdWX3+/G774s7yugdKdJu3ug
tbH73b9EuGgXGZQB5cgdMYF6bQIqeK+WSsnwNoFaopZkybhnmhcUK4hlnDFaDDGP
/YelkElcw4Q8PHnWn2J1KespPeGaBX5k2watA1d0dBrgy5kl2Y6VeIlj52oTGsyS
9cFLz9dLzKwHTU9ZahSkNfraLiXyZMWZE+lIUhrqzb+4kRs6hYGd6ASAJQKI3Pi5
PzeNPoXhRobjrznPwoSigIgP8ke75Tx8bL47dTfPSRjaTV4Htqg=
=3RVZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1263-1] curl security update
Next by Date: [SECURITY] [DLA 1265-1] krb5 security update
Previous by thread: [SECURITY] [DLA 1263-1] curl security update
Next by thread: [SECURITY] [DLA 1265-1] krb5 security update
Index(es):
- Date
- Thread