Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:1853: Red Hat Security Advisory: unbound security, bug fix, and enhancement update

An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es):

  • unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)
  • unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)
  • unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)
  • unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)
  • unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)
  • unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)
  • unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)
  • unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)
  • unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)
  • unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)
  • unbound: symbolic link traversal when writing PID file (CVE-2020-28935) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Related CVEs:
  • CVE-2019-25032: unbound: integer overflow in the regional allocator via regional_alloc
  • CVE-2019-25034: unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write
  • CVE-2019-25035: unbound: out-of-bounds write in sldns_bget_token_par
  • CVE-2019-25036: unbound: assertion failure and denial of service in synth_cname
  • CVE-2019-25037: unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet
  • CVE-2019-25038: unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c
  • CVE-2019-25039: unbound: integer overflow in a size calculation in respip/respip.c
  • CVE-2019-25040: unbound: infinite loop via a compressed name in dname_pkt_copy
  • CVE-2019-25041: unbound: assertion failure via a compressed name in dname_pkt_copy
  • CVE-2019-25042: unbound: out-of-bounds write via a compressed name in rdata_copy
  • CVE-2020-28935: unbound: symbolic link traversal when writing PID file
Red Hat Security Data
Open in Source
#vulnerability#linux#red_hat#dos

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data