File _patchinfo of Package patchinfo.34098

<patchinfo incident="34098">
  <issue tracker="cve" id="2022-30698"/>
  <issue tracker="cve" id="2022-30699"/>
  <issue tracker="cve" id="2022-3204"/>
  <issue tracker="cve" id="2023-50387"/>
  <issue tracker="cve" id="2023-50868"/>
  <issue tracker="bnc" id="1219823">VUL-0: CVE-2023-50387 : unbound, pdns, bind, dnsmasq: Denial Of Service while trying to validate specially crafted DNSSEC responses</issue>
  <issue tracker="bnc" id="1202031">VUL-0: CVE-2022-30699: unbound: Novel "ghost domain names" attack by updating almost expired delegation information</issue>
  <issue tracker="bnc" id="1219826">VUL-0: CVE-2023-50868: unbound, bind, pdns, dnsmasq: Denial Of Service while trying to validate specially crafted DNSSEC responses</issue>
  <issue tracker="bnc" id="1203643">VUL-0: CVE-2022-3204: unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)</issue>
  <issue tracker="bnc" id="1202033">VUL-0: CVE-2022-30698: unbound: Novel "ghost domain names" attack by introducing subdomain delegations</issue>
  <issue tracker="jsc" id="PED-8333"/>
  <packager>jcronenberg</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for unbound</summary>
  <description>This update for unbound fixes the following issues:

unbound was updated to 1.20.0:

* A lot of bugfixes and added features.
  For a complete list take a look at the changelog located at:
  /usr/share/doc/packages/unbound/Changelog or
  https://www.nlnetlabs.nl/projects/unbound/download/

Some Noteworthy Changes:

* Removed DLV. The DLV has been decommissioned since unbound
  1.5.4, and users have been advised to stop using it since then.
  Using dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after
  timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8

Security Fixes:

* CVE-2023-50387: DNSSEC verification complexity can be
  exploited to exhaust CPU resources and stall DNS resolvers.  [bsc#1219823]
* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.
  [bsc#1219826]
* CVE-2022-30698: Novel "ghost domain names" attack by
  introducing subdomain delegations.  [bsc#1202033]
* CVE-2022-30699: Novel "ghost domain names" attack by
  updating almost expired delegation information.  [bsc#1202031]
* CVE-2022-3204: NRDelegation attack leads to uncontrolled
  resource consumption (Non-Responsive Delegation Attack).  [bsc#1203643]

Packaging Changes:

* Use prefixes instead of sudo in unbound.service
* Remove no longer necessary BuildRequires: libfstrm-devel and
  libprotobuf-c-devel
</description>
</patchinfo>