[SECURITY] [DLA 1676-1] unbound security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1676-1] unbound security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 14 Feb 2019 21:49:38 +0100
Message-id: <[🔎] 2bb7e966-921d-077e-6603-1ff9d6214601@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : unbound
Version        : 1.4.22-3+deb8u4
CVE ID         : CVE-2017-15105
Debian Bug     : 887733

Ralph Dolmans and Karst Koymans found a flaw in the way unbound, a
validating, recursive, caching DNS resolver, validated
wildcard-synthesized NSEC records.

An improperly validated wildcard NSEC record could be used to prove the
non-existence (NXDOMAIN answer) of an existing wildcard record, or trick
unbound into accepting a NODATA proof.

For more information please refer to the upstream advisory at
https://unbound.net/downloads/CVE-2017-15105.txt.

For Debian 8 "Jessie", this problem has been fixed in version
1.4.22-3+deb8u4.

We recommend that you upgrade your unbound packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxl1GJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQQsxAAuxGz7Uprm65Rhxf9W6eWnMLcMqM9olmTdwrTwNIrfwfoxeXX+wf8X29x
tnlWNJ4MsdTBtJYi7III+bNR5e8IOQWNZP7PLJjVHiedREQnh/yIUtz4Zb2ESb48
ehtN9xb0+MZ/TsaIQNGC7JNWLaIhd3Ic76hIs2MzfjlFrvat4nW2A1EwJ5Fe9WhK
faHGxH+sAvV41RyGPX+QTQIZCoXgsNWFCTMNhiRFdW/w2VjMaeelLwD36V9LYjtE
/hxV1Ywd0NKVQEA3BOvo85SlwDDaPBN6s1HNQy8RIR3R/F3RSBcpyB/ALFZGycEk
4VU6paC/PZ+tizKrUShuOTTYIt5KxnTDPnBlPaX+gR9397aIsBLxam7L7Mol9YuA
OU3bglpXp9Dg8XRbri1KPdNxS2MUbCPeO2TIhJUoViZkxqh3I9cLgHa+72Dxv2zj
inYJy7Kzgg29QgOy7KAPP2ovtOF+Ha8EZmym97BRQ2YWK8azxMQSujAKzVBv59Fq
WAd+1Peh1Jk+yAqpVtwetioh9KaD/aHTlctMEkNwJlJg//S5vlNF+PRxSaM17YXt
YIRUU2ST/x4e8GwgNa5f2AQYBUegKUOFNdoPp50Oon/C/p7PaPOSroWfPUe66T3i
S092iTunZ0/aebCPgmkZWzLQ8y1zwud7QaUH0CEJAUvi/pq6vyg=
=lvHO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1675-1] python-gnupg security update
Next by Date: [SECURITY] [DLA 1677-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 1675-1] python-gnupg security update
Next by thread: [SECURITY] [DLA 1677-1] firefox-esr security update
Index(es):
- Date
- Thread