|
|
Subscribe / Log in / New account

Mageia alert MGASA-2021-0154 (unbound)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2021-0154: Updated unbound packages fix a security vulnerability


Date:
              Sat, 27 Mar 2021 15:28:18 +0100


Message-ID:
              <20210327142818.BEA4D9FE73@duvel.mageia.org>


Archive-link:
              Article


MGASA-2021-0154 - Updated unbound packages fix a security vulnerability

Publication date: 27 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0154.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-28935

Description:
Unbound contains a local vulnerability that would allow for a local symlink
attack. When writing the PID file Unbound creates the file if it is not there,
or opens an existing file for writing. In case the file was already present, it
would follow symlinks if the file happened to be a symlink instead of a regular
file (CVE-2020-28935).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28447
- https://www.debian.org/lts/security/2021/dla-2556
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2...

SRPMS:
- 7/core/unbound-1.10.1-1.1.mga7
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds