RHSA-2023:2771: Red Hat Security Advisory: unbound security and bug fix update

An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3204: A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation, leading to degraded performance and, eventually, a denial of service in orchestrated attacks.
Red Hat Security Data

Issued: 2023-05-16

Updated: 2023-05-16

RHSA-2023:2771 - Security Advisory

Synopsis

Moderate: unbound security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for unbound is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Security Fix(es):

  • unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack) (CVE-2022-3204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2128947 - CVE-2022-3204 unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)
  • BZ - 2135322 - failing devel man pages for rhel 8
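
A patch-level check for the fix above, as an added example that is not part of the Red Hat advisory: it flags installed unbound packages older than the 1.16.2-5.el8 build this advisory ships. The inventory is constructed sample data in `rpm -qa` NVRA form, the comparison is a simplified stand-in for rpm's version ordering (no epoch, `~` or `^` handling), and the baseline applies only to the main RHEL 8 stream, not to other streams such as Extended Update Support, which ship different builds.

```python
import re

# Fixed version-release taken from this advisory's package list.
FIXED = ("1.16.2", "5.el8")
# Binary packages of interest (debuginfo/debugsource are ignored).
PACKAGES = {"unbound", "unbound-libs", "unbound-devel", "python3-unbound"}

def rpmvercmp(a, b):
    """Simplified rpm ordering: compare digit and letter runs in turn."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric run beats letters
        if x != y:
            return 1 if x > y else -1
    # All shared runs equal: the string with extra runs is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(nvra):
    """Split name-version-release.arch as printed by `rpm -qa`."""
    nvr, _, arch = nvra.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def audit(lines):
    """Return the unbound packages that predate the fixed build."""
    stale = []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        name, version, release, _ = parse_nvra(line)
        if name not in PACKAGES:
            continue
        order = rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])
        if order < 0:
            stale.append(line)
    return stale

# Constructed inventory, not taken from a real host.
SAMPLE = """unbound-1.16.2-5.el8.x86_64
unbound-libs-1.16.2-2.el8.x86_64
python3-unbound-1.7.3-17.el8.x86_64
unbound-devel-1.16.2-5.el8_8.1.x86_64
bash-4.4.20-4.el8_6.x86_64""".splitlines()

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs RHSA-2023:2771:", pkg)
```

On a live host the input would be the output of `rpm -qa 'unbound*' 'python3-unbound*'`, and the rpm Python bindings' `labelCompare` gives the full comparison in place of the simplified one here.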

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM

  • unbound-1.16.2-5.el8.src.rpm

x86_64

  • python3-unbound-1.16.2-5.el8.x86_64.rpm
  • python3-unbound-debuginfo-1.16.2-5.el8.i686.rpm
  • python3-unbound-debuginfo-1.16.2-5.el8.x86_64.rpm
  • unbound-1.16.2-5.el8.x86_64.rpm
  • unbound-debuginfo-1.16.2-5.el8.i686.rpm
  • unbound-debuginfo-1.16.2-5.el8.x86_64.rpm
  • unbound-debugsource-1.16.2-5.el8.i686.rpm
  • unbound-debugsource-1.16.2-5.el8.x86_64.rpm
  • unbound-devel-1.16.2-5.el8.i686.rpm
  • unbound-devel-1.16.2-5.el8.x86_64.rpm
  • unbound-libs-1.16.2-5.el8.i686.rpm
  • unbound-libs-1.16.2-5.el8.x86_64.rpm
  • unbound-libs-debuginfo-1.16.2-5.el8.i686.rpm
  • unbound-libs-debuginfo-1.16.2-5.el8.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • unbound-1.16.2-5.el8.src.rpm

s390x

  • python3-unbound-1.16.2-5.el8.s390x.rpm
  • python3-unbound-debuginfo-1.16.2-5.el8.s390x.rpm
  • unbound-1.16.2-5.el8.s390x.rpm
  • unbound-debuginfo-1.16.2-5.el8.s390x.rpm
  • unbound-debugsource-1.16.2-5.el8.s390x.rpm
  • unbound-devel-1.16.2-5.el8.s390x.rpm
  • unbound-libs-1.16.2-5.el8.s390x.rpm
  • unbound-libs-debuginfo-1.16.2-5.el8.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • unbound-1.16.2-5.el8.src.rpm

ppc64le

  • python3-unbound-1.16.2-5.el8.ppc64le.rpm
  • python3-unbound-debuginfo-1.16.2-5.el8.ppc64le.rpm
  • unbound-1.16.2-5.el8.ppc64le.rpm
  • unbound-debuginfo-1.16.2-5.el8.ppc64le.rpm
  • unbound-debugsource-1.16.2-5.el8.ppc64le.rpm
  • unbound-devel-1.16.2-5.el8.ppc64le.rpm
  • unbound-libs-1.16.2-5.el8.ppc64le.rpm
  • unbound-libs-debuginfo-1.16.2-5.el8.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • unbound-1.16.2-5.el8.src.rpm

aarch64

  • python3-unbound-1.16.2-5.el8.aarch64.rpm
  • python3-unbound-debuginfo-1.16.2-5.el8.aarch64.rpm
  • unbound-1.16.2-5.el8.aarch64.rpm
  • unbound-debuginfo-1.16.2-5.el8.aarch64.rpm
  • unbound-debugsource-1.16.2-5.el8.aarch64.rpm
  • unbound-devel-1.16.2-5.el8.aarch64.rpm
  • unbound-libs-1.16.2-5.el8.aarch64.rpm
  • unbound-libs-debuginfo-1.16.2-5.el8.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-2045-03

Red Hat Security Advisory 2024-2045-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2023-3644-01

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-2771-01

Red Hat Security Advisory 2023-2771-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Red Hat Security Advisory 2023-2370-01

Red Hat Security Advisory 2023-2370-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

RHSA-2023:2370: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3204: A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS reco...

Gentoo Linux Security Advisory 202212-02

Gentoo Linux Security Advisory 202212-2 - Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service. Versions less than 1.16.3 are affected.

Ubuntu Security Notice USN-5732-1

Ubuntu Security Notice 5732-1 - It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.

CVE-2022-3204

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the atta...