[SECURITY] [DLA 1676-1] unbound security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : unbound
Version : 1.4.22-3+deb8u4
CVE ID : CVE-2017-15105
Debian Bug : 887733
Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a
validating, recursive, caching DNS resolver, validated
wildcard-synthesized NSEC records.
An improperly validated wildcard NSEC record could be used to prove the
non-existence (NXDOMAIN answer) of an existing wildcard record, or trick
unbound into accepting a NODATA proof.
For more information please refer to the upstream advisory at
https://unbound.net/downloads/CVE-2017-15105.txt.
For Debian 8 "Jessie", this problem has been fixed in version
1.4.22-3+deb8u4.
We recommend that you upgrade your unbound packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxl1GJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQQsxAAuxGz7Uprm65Rhxf9W6eWnMLcMqM9olmTdwrTwNIrfwfoxeXX+wf8X29x
tnlWNJ4MsdTBtJYi7III+bNR5e8IOQWNZP7PLJjVHiedREQnh/yIUtz4Zb2ESb48
ehtN9xb0+MZ/TsaIQNGC7JNWLaIhd3Ic76hIs2MzfjlFrvat4nW2A1EwJ5Fe9WhK
faHGxH+sAvV41RyGPX+QTQIZCoXgsNWFCTMNhiRFdW/w2VjMaeelLwD36V9LYjtE
/hxV1Ywd0NKVQEA3BOvo85SlwDDaPBN6s1HNQy8RIR3R/F3RSBcpyB/ALFZGycEk
4VU6paC/PZ+tizKrUShuOTTYIt5KxnTDPnBlPaX+gR9397aIsBLxam7L7Mol9YuA
OU3bglpXp9Dg8XRbri1KPdNxS2MUbCPeO2TIhJUoViZkxqh3I9cLgHa+72Dxv2zj
inYJy7Kzgg29QgOy7KAPP2ovtOF+Ha8EZmym97BRQ2YWK8azxMQSujAKzVBv59Fq
WAd+1Peh1Jk+yAqpVtwetioh9KaD/aHTlctMEkNwJlJg//S5vlNF+PRxSaM17YXt
YIRUU2ST/x4e8GwgNa5f2AQYBUegKUOFNdoPp50Oon/C/p7PaPOSroWfPUe66T3i
S092iTunZ0/aebCPgmkZWzLQ8y1zwud7QaUH0CEJAUvi/pq6vyg=
=lvHO
-----END PGP SIGNATURE-----
Reply to: