Ubuntu alert USN-6998-1 (unbound)
| From: | Bruce Cable <bruce.cable@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6998-1] Unbound vulnerabilities | |
| Date: | Wed, 11 Sep 2024 17:31:29 +1000 | |
| Message-ID: | <9fcf88b7-17f9-405a-97e8-f81a13973d90@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6998-1 September 11, 2024 unbound vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Unbound. Software Description: - unbound: validating, recursive, caching DNS resolver Details: It was discovered that Unbound incorrectly handled string comparisons, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. (CVE-2024-43167) It was discovered that Unbound incorrectly handled memory in cfg_mark_ports, which could lead to a heap buffer overflow. A local attacker could potentially use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-43168) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libunbound8 1.19.2-1ubuntu3.2 unbound 1.19.2-1ubuntu3.2 unbound-host 1.19.2-1ubuntu3.2 Ubuntu 22.04 LTS libunbound8 1.13.1-1ubuntu5.7 unbound 1.13.1-1ubuntu5.7 unbound-host 1.13.1-1ubuntu5.7 Ubuntu 20.04 LTS libunbound8 1.9.4-2ubuntu1.8 unbound 1.9.4-2ubuntu1.8 unbound-host 1.9.4-2ubuntu1.8 Ubuntu 18.04 LTS libunbound2 1.6.7-1ubuntu2.6+esm2 Available with Ubuntu Pro unbound 1.6.7-1ubuntu2.6+esm2 Available with Ubuntu Pro unbound-host 1.6.7-1ubuntu2.6+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libunbound2 1.5.8-1ubuntu1.1+esm1 Available with Ubuntu Pro unbound 1.5.8-1ubuntu1.1+esm1 Available with Ubuntu Pro unbound-host 1.5.8-1ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS libunbound2 1.4.22-1ubuntu4.14.04.3+esm1 Available with Ubuntu Pro unbound 1.4.22-1ubuntu4.14.04.3+esm1 Available with Ubuntu Pro unbound-host 1.4.22-1ubuntu4.14.04.3+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6998-1 CVE-2024-43167, CVE-2024-43168 Package Information: https://launchpad.net/ubuntu/+source/unbound/1.19.2-1ubun... https://launchpad.net/ubuntu/+source/unbound/1.13.1-1ubun... https://launchpad.net/ubuntu/+source/unbound/1.9.4-2ubunt...
Attachment: None (type=text/html)
(HTML attachment elided)
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmbhR1EFAwAAAAAACgkQuGrtzot7pOcy Dwv/bu7oDoWcJnYDG/LSoZeS1HFwbbNhPTrRhrx8NR+1NyMK9OwfFhLQSGhZNvzhATf5gdmSceMH NeiIF1onyNiLtf7W+zIGs9DjlA2SN6eOQ44Jtbah3dQUn6nYsvi8FetTd0GtnS3dkKB5abGxF5dx QquN4csm4dU87fW+GlEKKUmsWVWka3gHSf5v6K27JEiV1con4goJURjhSpJ8HOmbW5V0EIbfv1Z6 c1SHQI+XNqpUbuZ7CaRSHFOJO+zdPUVU0vmx2vC0FgImbWtSqVAPbe1bv6pG+B48Im0ruTccI6Jb 6cibNyxTNxTrm7H0WNA0GAxrzZnIqbBwqbeuWlQM1SldmvVr2gWAtWf9IEbvS3nlsie5tjqm+ob9 ckkCusLgZz7h6TPJE4PnyQf1RonSb6EGCOJTWhx/s9tEQqAqdaAnmy6FJW+vzao02H4ipnppeQYu iwFk3bKIMxFmbCaoN36lKgNd5EahseVVvBDJ+v7cbP3Kui8tr/Axs8Ur7wxB =Pyjo -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)