RHSA-2023:2771: Red Hat Security Advisory: unbound security and bug fix update
An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3204: A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation, leading to degraded performance and, eventually, a denial of service in orchestrated attacks.
Issued:
2023-05-16
Updated:
2023-05-16
RHSA-2023:2771 - Security Advisory
Synopsis
Moderate: unbound security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for unbound is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Security Fix(es):
- unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack) (CVE-2022-3204)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2128947 - CVE-2022-3204 unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)
- BZ - 2135322 - failing devel man pages for rhel 8
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
unbound-1.16.2-5.el8.src.rpm
x86_64
python3-unbound-1.16.2-5.el8.x86_64.rpm
python3-unbound-debuginfo-1.16.2-5.el8.i686.rpm
python3-unbound-debuginfo-1.16.2-5.el8.x86_64.rpm
unbound-1.16.2-5.el8.x86_64.rpm
unbound-debuginfo-1.16.2-5.el8.i686.rpm
unbound-debuginfo-1.16.2-5.el8.x86_64.rpm
unbound-debugsource-1.16.2-5.el8.i686.rpm
unbound-debugsource-1.16.2-5.el8.x86_64.rpm
unbound-devel-1.16.2-5.el8.i686.rpm
unbound-devel-1.16.2-5.el8.x86_64.rpm
unbound-libs-1.16.2-5.el8.i686.rpm
unbound-libs-1.16.2-5.el8.x86_64.rpm
unbound-libs-debuginfo-1.16.2-5.el8.i686.rpm
unbound-libs-debuginfo-1.16.2-5.el8.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
unbound-1.16.2-5.el8.src.rpm
s390x
python3-unbound-1.16.2-5.el8.s390x.rpm
python3-unbound-debuginfo-1.16.2-5.el8.s390x.rpm
unbound-1.16.2-5.el8.s390x.rpm
unbound-debuginfo-1.16.2-5.el8.s390x.rpm
unbound-debugsource-1.16.2-5.el8.s390x.rpm
unbound-devel-1.16.2-5.el8.s390x.rpm
unbound-libs-1.16.2-5.el8.s390x.rpm
unbound-libs-debuginfo-1.16.2-5.el8.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
unbound-1.16.2-5.el8.src.rpm
ppc64le
python3-unbound-1.16.2-5.el8.ppc64le.rpm
python3-unbound-debuginfo-1.16.2-5.el8.ppc64le.rpm
unbound-1.16.2-5.el8.ppc64le.rpm
unbound-debuginfo-1.16.2-5.el8.ppc64le.rpm
unbound-debugsource-1.16.2-5.el8.ppc64le.rpm
unbound-devel-1.16.2-5.el8.ppc64le.rpm
unbound-libs-1.16.2-5.el8.ppc64le.rpm
unbound-libs-debuginfo-1.16.2-5.el8.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
unbound-1.16.2-5.el8.src.rpm
aarch64
python3-unbound-1.16.2-5.el8.aarch64.rpm
python3-unbound-debuginfo-1.16.2-5.el8.aarch64.rpm
unbound-1.16.2-5.el8.aarch64.rpm
unbound-debuginfo-1.16.2-5.el8.aarch64.rpm
unbound-debugsource-1.16.2-5.el8.aarch64.rpm
unbound-devel-1.16.2-5.el8.aarch64.rpm
unbound-libs-1.16.2-5.el8.aarch64.rpm
unbound-libs-debuginfo-1.16.2-5.el8.aarch64.rpm
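Checking a RHEL 8 host against this advisory means comparing the installed unbound build with the fixed build listed above, 1.16.2-5.el8. The Python below is an added example, not Red Hat's code: it uses a simplified RPM-style comparison (the ~ and ^ ordering markers are not handled), and the host names and installed builds in the inventory are constructed.

```python
import re

# Fixed build for RHEL 8 taken from this advisory's package list.
FIXED_EVR = "1.16.2-5.el8"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, RPM style.
    Simplified: the ~ and ^ ordering markers are not handled."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment outranks alphabetic
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):                 # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release

def compare_evr(a, b):
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_patched(installed_evr):
    return compare_evr(installed_evr, FIXED_EVR) >= 0

# Constructed inventory (hypothetical hosts and builds), e.g. gathered with
# rpm -q --qf '%{VERSION}-%{RELEASE}\n' unbound
SAMPLE_INVENTORY = {
    "dns-a": "1.16.2-5.el8",
    "dns-b": "1.16.2-2.el8",
    "dns-c": "1.16.2-10.el8",
    "dns-d": "1.7.3-17.el8",
    "dns-e": "1.16.2-5.el8_8.1",
}

def unpatched_hosts(inventory):
    return sorted(h for h, evr in inventory.items() if not is_patched(evr))

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE_INVENTORY))
```

The release field has to be part of the comparison: the Gentoo notice quoted under Related news lists upstream versions below 1.16.3 as affected, while the fixed RHEL 8 build is still a 1.16.2 package.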
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-2045-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.
Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-2771-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Red Hat Security Advisory 2023-2370-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3204: A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS reco...
Gentoo Linux Security Advisory 202212-2 - Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service. Versions less than 1.16.3 are affected.
Ubuntu Security Notice 5732-1 - It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the atta...