unbound (1.13.1-1ubuntu5.8) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service via large RRsets compression
    - debian/patches/CVE-2024-8508.patch: limit name compression
      calculations per packet to avoid CPU lockup in
      util/data/msgencode.c
    - CVE-2024-8508

 -- Vyom Yadav <vyom.yadav@canonical.com>  Thu, 17 Oct 2024 11:28:18 +0530

unbound (1.13.1-1ubuntu5.7) jammy-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-43167-1.patch: fix null pointer
      dereference issue in function ub_ctx_set_fwd of file
      libunbound/libunbound.c
    - debian/patches/CVE-2024-43167-2.patch: fix to print a parse
      error when config is read with no name for a forward-zone,
      stub-zone or view.
    - CVE-2024-43167
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2024-43168-1.patch: fix heap-buffer-overflow
      issue in function cfg_mark_ports of file util/config_file.c
    - debian/patches/CVE-2024-43168-2.patch: adjust error text and
      disallow negative ports in other parts of cfg_mark_ports.
    - CVE-2024-43168

 -- Bruce Cable <bruce.cable@canonical.com>  Thu, 05 Sep 2024 16:35:49 +1000

unbound (1.13.1-1ubuntu5.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Unbound could be used to take part in a DoS attack
    - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb
      vulnerability in doc/example.conf.in, doc/unbound.conf.5.in,
      services/cache/infra.c, services/cache/infra.h, services/mesh.c,
      testdata/*, util/config_file.c, util/config_file.h,
      util/configlexer.lex, util/configparser.y.
    - CVE-2024-33655

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 15 May 2024 13:34:34 +0200

unbound (1.13.1-1ubuntu5.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service issues via DNSSEC responses
    - debian/patches/CVE-2023-50387_CVE-2023-50868_1.12.0-1.13.1.patch:
      patch obtained from Debian's 1.13.1-1+deb11u2 package, thanks to
      Salvatore Bonaccorso.
    - CVE-2023-50387
    - CVE-2023-50868

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 27 Feb 2024 16:53:18 -0500

unbound (1.13.1-1ubuntu5.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Non-Responsive Delegation Attack
    - debian/patches/CVE-2022-3204.patch: limit number of lookups in
      iterator/iter_delegpt.*, iterator/iter_utils.*,
      iterator/iterator.c, services/cache/dns.c, services/mesh.*.
    - CVE-2022-3204

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 15 Nov 2022 15:03:03 -0500

unbound (1.13.1-1ubuntu5.2) jammy; urgency=medium

  * Resolve interfaces using existing interface names with
    unbound-checkconf (LP: #1988055):
    - d/p/fix-checkconf-interface-name-error.patch: Resolve known
      interface names correctly when using unbound-checkconf
    - d/p/resolve-control-interface-names.patch: Resolve interface
      names on control-interface so unbound-checkconf can work
      correctly when checking names of known interfaces

 -- Lena Voytek <lena.voytek@canonical.com>  Wed, 07 Sep 2022 10:52:50 -0700

unbound (1.13.1-1ubuntu5.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Ghost domain names issues
    - debian/patches/CVE-2022-3069x-pre1.patch: fix that nxdomain
      synthesis does not happen above the stub or forward definition in
      cachedb/cachedb.c, edns-subnet/subnetmod.c,
      iterator/iter_utils.c, iterator/iter_utils.h,
      iterator/iterator.c, services/cache/dns.c, services/cache/dns.h.
    - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
      issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
      dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c,
      pythonmod/interface.i, pythonmod/pythonmod_utils.c,
      services/cache/dns.c, services/cache/dns.h, services/mesh.c,
      testdata/iter_prefetch_change.rpl, util/module.h,
      validator/validator.c.
    - CVE-2022-30698
    - CVE-2022-30699

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 02 Aug 2022 09:52:58 -0400

unbound (1.13.1-1ubuntu5) jammy; urgency=medium

  * Cherry-pick upstream commits for Python 3.10 compatibility

 -- Rico Tzschichholz <ricotz@ubuntu.com>  Tue, 01 Feb 2022 15:23:57 +0100

unbound (1.13.1-1ubuntu4) jammy; urgency=medium

  * No-change rebuild with Python 3.10 as default version

 -- Graham Inggs <ginggs@ubuntu.com>  Thu, 13 Jan 2022 20:38:08 +0000

unbound (1.13.1-1ubuntu3) jammy; urgency=medium

  * debian/patches/openssl3.patch: compatibility with OpenSSL 3.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 09 Dec 2021 20:51:29 +0000

# For older changelog entries, run 'apt-get changelog libunbound8'