unbound-1.24.2-2.el9
エラータID: AXSA:2026-1052:06
リリース日:
2026/06/30 Tuesday - 01:12
題名:
unbound-1.24.2-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Unbound には、リモートの攻撃者により、RFC 1035 の DNS プロトコル
の規定に沿って DNS クエリの遅延を制御することを介して、サービス拒否
攻撃 (リソースの枯渇) を可能とする脆弱性が存在します。
(CVE-2024-33655)
- Unbound には、近隣のネットワーク上の攻撃者により、ドメイン
ハイジャックを可能とする脆弱性が存在します。(CVE-2025-11411)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-33655
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.
CVE-2025-11411
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.
追加情報:
N/A
ダウンロード:
SRPMS
- unbound-1.24.2-2.el9.src.rpm
MD5: 11a6e5b373bbf6276d46717f81e9dd7c
SHA-256: 32296491d006ed100be506a179cb3ead7501cd5c002ed0834998ce980e6b6252
Size: 6.66 MB
Asianux Server 9 for x86_64
- python3-unbound-1.24.2-2.el9.x86_64.rpm
MD5: 162bccd1b235601775c1bd3120464895
SHA-256: 3f5e520f7eeee38c5ace048566bdf0fb7dc3a8b2a72433ad3ac250a1375e494a
Size: 109.14 kB - unbound-1.24.2-2.el9.x86_64.rpm
MD5: fc102736e59bb9f2743b38a21b870db4
SHA-256: 227c20322f42f45cee1e42e54fcbee08b3afe2b6fe83d213182fe3cbd47c58b3
Size: 1.05 MB - unbound-devel-1.24.2-2.el9.i686.rpm
MD5: 488ed8c539d305e6abb3ef4f53f542b1
SHA-256: 54197970f9bf1491be2ac1fb81f368b74c7d8c82f16d78a551482342940341ad
Size: 39.34 kB - unbound-devel-1.24.2-2.el9.x86_64.rpm
MD5: a505d5aa2b3ec9c39e222286418142f6
SHA-256: 6003193f75cd42c6c9fdd118bfd1ba0955c87d406a6ade04d70a5082d245cb18
Size: 39.36 kB - unbound-dracut-1.24.2-2.el9.x86_64.rpm
MD5: 28fdf363d016c073ca8abc7eb8fd4632
SHA-256: 8c0123c32ba2ff1a9bcb16527eff47060e948f4148aa1491c62034338389e80f
Size: 10.20 kB - unbound-libs-1.24.2-2.el9.i686.rpm
MD5: 680bb3a6b24333ea534469e9ccf6944c
SHA-256: 707d6e03d0aff6dca79c86738e944f36fca796467fb3818181d0950c0c91b726
Size: 603.93 kB - unbound-libs-1.24.2-2.el9.x86_64.rpm
MD5: 1271f1520eaf8fb7ad6929a274235113
SHA-256: abbe5fc214b21fccf9a8e8de088b8e2fd2fc11a7caae3fb5f622ef88aa606ea5
Size: 578.62 kB