
RHSA-2023:2370: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3204: A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation, leading to degraded performance and, eventually, a denial of service in orchestrated attacks.

Issued: 2023-05-09

Updated: 2023-05-09

RHSA-2023:2370 - Security Advisory


Synopsis

Moderate: unbound security update

Type/Severity

Security Advisory: Moderate


Topic

An update for unbound is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Security Fix(es):

  • unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack) (CVE-2022-3204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2128947 - CVE-2022-3204 unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

  • unbound-1.16.2-3.el9.src.rpm

x86_64

  • python3-unbound-1.16.2-3.el9.x86_64.rpm
  • python3-unbound-debuginfo-1.16.2-3.el9.i686.rpm
  • python3-unbound-debuginfo-1.16.2-3.el9.x86_64.rpm
  • unbound-1.16.2-3.el9.x86_64.rpm
  • unbound-debuginfo-1.16.2-3.el9.i686.rpm
  • unbound-debuginfo-1.16.2-3.el9.x86_64.rpm
  • unbound-debugsource-1.16.2-3.el9.i686.rpm
  • unbound-debugsource-1.16.2-3.el9.x86_64.rpm
  • unbound-libs-1.16.2-3.el9.i686.rpm
  • unbound-libs-1.16.2-3.el9.x86_64.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.i686.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • unbound-1.16.2-3.el9.src.rpm

s390x

  • python3-unbound-1.16.2-3.el9.s390x.rpm
  • python3-unbound-debuginfo-1.16.2-3.el9.s390x.rpm
  • unbound-1.16.2-3.el9.s390x.rpm
  • unbound-debuginfo-1.16.2-3.el9.s390x.rpm
  • unbound-debugsource-1.16.2-3.el9.s390x.rpm
  • unbound-libs-1.16.2-3.el9.s390x.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • unbound-1.16.2-3.el9.src.rpm

ppc64le

  • python3-unbound-1.16.2-3.el9.ppc64le.rpm
  • python3-unbound-debuginfo-1.16.2-3.el9.ppc64le.rpm
  • unbound-1.16.2-3.el9.ppc64le.rpm
  • unbound-debuginfo-1.16.2-3.el9.ppc64le.rpm
  • unbound-debugsource-1.16.2-3.el9.ppc64le.rpm
  • unbound-libs-1.16.2-3.el9.ppc64le.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • unbound-1.16.2-3.el9.src.rpm

aarch64

  • python3-unbound-1.16.2-3.el9.aarch64.rpm
  • python3-unbound-debuginfo-1.16.2-3.el9.aarch64.rpm
  • unbound-1.16.2-3.el9.aarch64.rpm
  • unbound-debuginfo-1.16.2-3.el9.aarch64.rpm
  • unbound-debugsource-1.16.2-3.el9.aarch64.rpm
  • unbound-libs-1.16.2-3.el9.aarch64.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 9

SRPM

x86_64

  • python3-unbound-debuginfo-1.16.2-3.el9.i686.rpm
  • python3-unbound-debuginfo-1.16.2-3.el9.x86_64.rpm
  • unbound-debuginfo-1.16.2-3.el9.i686.rpm
  • unbound-debuginfo-1.16.2-3.el9.x86_64.rpm
  • unbound-debugsource-1.16.2-3.el9.i686.rpm
  • unbound-debugsource-1.16.2-3.el9.x86_64.rpm
  • unbound-devel-1.16.2-3.el9.i686.rpm
  • unbound-devel-1.16.2-3.el9.x86_64.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.i686.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM

ppc64le

  • python3-unbound-debuginfo-1.16.2-3.el9.ppc64le.rpm
  • unbound-debuginfo-1.16.2-3.el9.ppc64le.rpm
  • unbound-debugsource-1.16.2-3.el9.ppc64le.rpm
  • unbound-devel-1.16.2-3.el9.ppc64le.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM

aarch64

  • python3-unbound-debuginfo-1.16.2-3.el9.aarch64.rpm
  • unbound-debuginfo-1.16.2-3.el9.aarch64.rpm
  • unbound-debugsource-1.16.2-3.el9.aarch64.rpm
  • unbound-devel-1.16.2-3.el9.aarch64.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM

s390x

  • python3-unbound-debuginfo-1.16.2-3.el9.s390x.rpm
  • unbound-debuginfo-1.16.2-3.el9.s390x.rpm
  • unbound-debugsource-1.16.2-3.el9.s390x.rpm
  • unbound-devel-1.16.2-3.el9.s390x.rpm
  • unbound-libs-debuginfo-1.16.2-3.el9.s390x.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-2045-03

Red Hat Security Advisory 2024-2045-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2023-3644-01

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-2771-01

Red Hat Security Advisory 2023-2771-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

RHSA-2023:2771: Red Hat Security Advisory: unbound security and bug fix update

An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3204: A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS reco...

Red Hat Security Advisory 2023-2370-01

Red Hat Security Advisory 2023-2370-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Gentoo Linux Security Advisory 202212-02

Gentoo Linux Security Advisory 202212-2 - Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service. Versions less than 1.16.3 are affected.

Ubuntu Security Notice USN-5732-1

Ubuntu Security Notice 5732-1 - It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.

CVE-2022-3204

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the atta...