RHSA-2022:8062: Red Hat Security Advisory: unbound security, bug fix, and enhancement update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30698: unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
  • CVE-2022-30699: unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
Red Hat Security Data

Issued: 2022-11-15

Updated: 2022-11-15

RHSA-2022:8062 - Security Advisory

Synopsis

Moderate: unbound security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for unbound is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

The following packages have been upgraded to a later upstream version: unbound (1.16.2). (BZ#2087120)

Security Fix(es):

  • unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30698)
  • unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30699)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 1981415 - unbound: don’t use deprecated functions in OpenSSL 3.0
  • BZ - 2056116 - unbound-devel is not available on Centos 9 Stream
  • BZ - 2071543 - Unbound fails resolution of any SHA-1 signed domain [rhel-9.1.0]
  • BZ - 2071943 - failing devel man pages for rhel 9
  • BZ - 2079548 - [unbound: FIPS mode] does not resolve ED25519 and ED448
  • BZ - 2087120 - [rebase] Rebase to 1.16.0
  • BZ - 2094336 - unbound-keygen needs to be stoped
  • BZ - 2116725 - CVE-2022-30698 unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
  • BZ - 2116729 - CVE-2022-30699 unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
  • BZ - 2116802 - unbound-keygen requires openssl [rhel9]

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

unbound-1.16.2-2.el9.src.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-2045-03

Red Hat Security Advisory 2024-2045-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

RHSA-2023:0795: Red Hat Security Advisory: RHSA: Submariner 0.13.3 - security updates and bug fixes

Submariner 0.13.3 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache
  • CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error
  • CVE-2022-1705: golang: net/http: improper sanitizat...

Gentoo Linux Security Advisory 202212-02

Gentoo Linux Security Advisory 202212-2 - Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service. Versions less than 1.16.3 are affected.

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
  • CVE-2022-28327: golang: crypto/elliptic: panic caus...

Red Hat Security Advisory 2022-8062-01

Red Hat Security Advisory 2022-8062-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Red Hat Security Advisory 2022-7622-01

Red Hat Security Advisory 2022-7622-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

RHSA-2022:7622: Red Hat Security Advisory: unbound security, bug fix, and enhancement update

An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30698: unbound: the novel ghost domain where malicious users to trigger continued resolvability of malicious domain names
  • CVE-2022-30699: unbound: novel ghost domain attack where malicious users to trigger continued resolvability of malicious domain names

Ubuntu Security Notice USN-5569-1

Ubuntu Security Notice 5569-1 - Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked.

CVE-2022-30699

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
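The timing check described for CVE-2022-30699, as an added example that is not Unbound's code and not part of the advisory: a simplified C model of one cached delegation that compares an overwrite decision made against the answer's arrival time with one made against the query start time. The struct, the function names and the timings are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Simplified model of one cached delegation (NS set).
 * Hypothetical structure, not Unbound's own data layout. */
struct delegation {
    time_t expires;                 /* absolute expiry time of the cached entry */
};

enum policy {
    USE_ARRIVAL_TIME,               /* behaviour described for versions <= 1.16.1 */
    USE_QUERY_START                 /* behaviour described for versions >= 1.16.2 */
};

/* May a delegation carried in a response replace the cached one?
 * The cached entry is replaceable only if it counts as expired at the
 * reference time selected by the policy. */
static bool may_overwrite(const struct delegation *cached,
                          time_t query_start, time_t arrival, enum policy p)
{
    time_t ref = (p == USE_QUERY_START) ? query_start : arrival;
    return cached->expires <= ref;
}

/* Model repeated refresh attempts against one cached delegation.
 * Each query starts `lead` seconds before the entry expires and its answer
 * arrives `delay` seconds after the query started. Returns how many times
 * the cached delegation was renewed (0 means it was left to expire). */
static int simulate(enum policy p, int rounds, time_t ttl,
                    time_t lead, time_t delay)
{
    struct delegation d = { .expires = ttl };   /* first cached at t = 0 */
    int renewed = 0;

    for (int i = 0; i < rounds; i++) {
        time_t start = d.expires - lead;
        time_t arrival = start + delay;
        if (!may_overwrite(&d, start, arrival, p))
            break;                  /* entry kept as is and ages out normally */
        d.expires = arrival + ttl;  /* delegation re-cached with a fresh TTL */
        renewed++;
    }
    return renewed;
}

int main(void)
{
    /* Constructed timings: TTL 300 s, query 1 s before expiry, answer 3 s late. */
    printf("arrival-time check: renewed %d of 5 rounds\n",
           simulate(USE_ARRIVAL_TIME, 5, 300, 1, 3));
    printf("query-start check:  renewed %d of 5 rounds\n",
           simulate(USE_QUERY_START, 5, 300, 1, 3));

    /* A query that starts after expiry is an ordinary refresh and still passes. */
    struct delegation d = { .expires = 300 };
    printf("refresh after expiry allowed: %d\n",
           may_overwrite(&d, 301, 302, USE_QUERY_START));
    return 0;
}
```

In this model the arrival-time check renews the entry on every round, while the query-start check never does, because the entry was still valid when each query began.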
