| Summary: | unbound new security issues CVE-2019-18934 and CVE-2019-2503[137] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | unbound-1.9.4-1.mga7.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 1.9.5 | ||
Description
David Walser
2019-11-20 15:13:45 CET
David Walser
2019-11-20 15:14:02 CET
Whiteboard: (none) => MGA7TOO

This security issue does not concern us, we do not compile the package with the options allowing the breach. Only users recompiling their Mageia package by tweaking the options could be concerned.

Since this is a minimal work anyway, I have uploaded the fixed version 1.9.5 for mga 7 in updates_testing (cauldron also updated).

You can test if the unbound service runs fine with (as root):

systemctl start unbound
systemctl status unbound

should return a green "active (running)".

Suggested advisory:
========================

Updated unbound package to version 1.9.5 to fix a potential security vulnerability.

In case users recompiled the Mageia package with `--enable-ipsecmod`, and ipsecmod is enabled and used in the configuration, shell code execution would end up being possible after receiving a specially crafted answer.

References:
https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
========================

Updated packages in core/updates_testing:
========================
lib(64)unbound8-1.9.5-1.mga7
lib(64)unbound-devel-1.9.5-1.mga7
unbound-1.9.5-1.mga7
python2-unbound-1.9.5-1.mga7
python3-unbound-1.9.5-1.mga7

Source RPMs:
unbound-1.9.5-1.mga7.src.rpm

Assignee: eatdirt => qa-bugs
Thomas Backlund
2019-11-20 23:30:49 CET
Whiteboard: MGA7TOO => (none)

Mageia 7, x86_64
All packages updated cleanly.
# systemctl start unbound
# systemctl status unbound
● unbound.service - Unbound DNS Resolver
Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; vendor pr>
Active: active (running) since Wed 2019-11-20 23:38:28 GMT; 14s ago
Main PID: 4521 (unbound)
Memory: 5.7M
CGroup: /system.slice/unbound.service
└─4521 /usr/sbin/unbound -c /etc/unbound/unbound.conf
Nov 20 23:38:28 difda systemd[1]: Started Unbound DNS Resolver.
[...]
If that is all that is required then this is good to go.

CC: (none) => tarazed25

Guess so, Len. Validating. Advisory in Comment 1.

CC: (none) => andrewsfarm, sysadmin-bugs
Thomas Backlund
2019-11-30 12:26:41 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0344.html

Resolution: (none) => FIXED

CVE-2019-25031 and CVE-2019-25037 were also fixed by this update:
https://ubuntu.com/security/notices/USN-4938-1

Summary: unbound new security issue CVE-2019-18934 => unbound new security issues CVE-2019-18934 and CVE-2019-2503[17]

CVE-2019-25033 was also fixed in this update:
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010064.html
https://bugzilla.suse.com/show_bug.cgi?id=1185384

Summary: unbound new security issues CVE-2019-18934 and CVE-2019-2503[17] => unbound new security issues CVE-2019-18934 and CVE-2019-2503[137]