File _patchinfo of Package patchinfo.22509

<patchinfo incident="22509">
  <issue tracker="bnc" id="1076963">VUL-1: CVE-2017-15105: unbound: Improper validation of wildcard synthesized NSEC records</issue>
  <issue tracker="bnc" id="1112009">VUL-0: unbound: update KSK (due to DNSSEC root KSK rollover)</issue>
  <issue tracker="bnc" id="1112033">VUL-0: unbound: /etc/unbound/icannbundle.pem outdated intermediate certificates</issue>
  <issue tracker="bnc" id="1179191">VUL-1: CVE-2020-28935: unbound: symbolic link traversal when writing PID file</issue>
  <issue tracker="bnc" id="1185382">VUL-0: CVE-2019-25031: unbound: configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack</issue>
  <issue tracker="bnc" id="1185383">VUL-0: CVE-2019-25032: unbound: integer overflow in the regional allocator via regional_alloc</issue>
  <issue tracker="bnc" id="1185384">VUL-0: CVE-2019-25033: unbound: integer overflow in the regional allocator via the ALIGN_UP macro</issue>
  <issue tracker="bnc" id="1185385">VUL-0: CVE-2019-25034: unbound: integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write</issue>
  <issue tracker="bnc" id="1185386">VUL-0: CVE-2019-25035: unbound: out-of-bounds write in sldns_bget_token_par</issue>
  <issue tracker="bnc" id="1185387">VUL-0: CVE-2019-25036: unbound: assertion failure and denial of service in synth_cname</issue>
  <issue tracker="bnc" id="1185388">VUL-0: CVE-2019-25037: unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet</issue>
  <issue tracker="bnc" id="1185389">VUL-0: CVE-2019-25038: unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c</issue>
  <issue tracker="bnc" id="1185390">VUL-0: CVE-2019-25039: unbound: integer overflow in a size calculation in respip/respip.c</issue>
  <issue tracker="bnc" id="1185391">VUL-0: CVE-2019-25040: unbound: infinite loop via a compressed name in dname_pkt_copy</issue>
  <issue tracker="bnc" id="1185392">VUL-0: CVE-2019-25041: unbound: assertion failure via a compressed name in dname_pkt_copy</issue>
  <issue tracker="bnc" id="1185393">VUL-0: CVE-2019-25042: unbound: out-of-bounds write via a compressed name in rdata_copy</issue>
  <issue tracker="cve" id="2019-25031"/>
  <issue tracker="cve" id="2019-25032"/>
  <issue tracker="cve" id="2019-25033"/>
  <issue tracker="cve" id="2019-25034"/>
  <issue tracker="cve" id="2019-25035"/>
  <issue tracker="cve" id="2019-25036"/>
  <issue tracker="cve" id="2019-25037"/>
  <issue tracker="cve" id="2019-25038"/>
  <issue tracker="cve" id="2019-25039"/>
  <issue tracker="cve" id="2019-25040"/>
  <issue tracker="cve" id="2019-25041"/>
  <issue tracker="cve" id="2019-25042"/>
  <issue tracker="cve" id="2020-28935"/>
  <packager>WernerFink</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for unbound</summary>
  <description>This update for unbound fixes the following issues:

- CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack (bsc#1185382).
- CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc (bsc#1185383).
- CVE-2019-25033: Fixed integer overflow in the regional allocator via the ALIGN_UP macro (bsc#1185384).
- CVE-2019-25034: Fixed integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write (bsc#1185385).
- CVE-2019-25035: Fixed out-of-bounds write in sldns_bget_token_par (bsc#1185386).
- CVE-2019-25036: Fixed assertion failure and denial of service in synth_cname (bsc#1185387).
- CVE-2019-25037: Fixed assertion failure and denial of service in dname_pkt_copy via an invalid packet (bsc#1185388).
- CVE-2019-25038: Fixed integer overflow in a size calculation in dnscrypt/dnscrypt.c (bsc#1185389).
- CVE-2019-25039: Fixed integer overflow in a size calculation in respip/respip.c (bsc#1185390).
- CVE-2019-25040: Fixed infinite loop via a compressed name in dname_pkt_copy (bsc#1185391).
- CVE-2019-25041: Fixed assertion failure via a compressed name in dname_pkt_copy (bsc#1185392).
- CVE-2019-25042: Fixed out-of-bounds write via a compressed name in rdata_copy (bsc#1185393).
- CVE-2020-28935: Fixed symbolic link traversal when writing PID file (bsc#1179191).
</description>
</patchinfo>