unbound-1.6.6-5.el7

エラータID: AXSA:2020-185:04

Release date: 
Wednesday, July 1, 2020 - 04:40
Subject: 
unbound-1.6.6-5.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Security Fix(es):

* unbound: incomplete fix for CVE-2020-12662 (CVE-2020-10772)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-10772
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-12662
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. unbound-1.6.6-5.el7.src.rpm
    MD5: 56f4ec70305b83c669a5490392bef35a
    SHA-256: 555a54d649e34d05ec6134b9d17a82de8e044bd38d128fdd8d7bb732a6ae6f56
    Size: 5.27 MB

Asianux Server 7 for x86_64
  1. unbound-1.6.6-5.el7.x86_64.rpm
    MD5: 4372f7cf91b0b59182681319f70933a5
    SHA-256: cb9462e87b839ce8148f2d097c79acdccde47ca23afee4a54d48c5c397e976ac
    Size: 672.81 kB
  2. unbound-libs-1.6.6-5.el7.x86_64.rpm
    MD5: 3e4c2d62b3fcc308fb51deb7c4aa2f79
    SHA-256: 7a76624251da8b7082d44a59c7fa58c07fff684e926d87dff9330c272c9c0796
    Size: 405.00 kB
  3. unbound-libs-1.6.6-5.el7.i686.rpm
    MD5: 8d844402754539580ffd90d7e8a8b701
    SHA-256: da2c5910e934559a9a31256bddee0e3d0dd0d464a180360b4785fea10fc12be0
    Size: 396.07 kB