Bug 25974

Summary: unbound 1.9.6 has several security-related fixes (CVE-2019-2503[2456789], CVE-2019-2504[0-2])
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: eatdirt, herman.viaene, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: unbound-1.9.5-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-12-27 05:28:55 CET 
Unbound 1.9.6 has been released on December 12, containing several security fixes:
https://github.com/NLnetLabs/unbound/blob/release-1.9.6/doc/Changelog

None of them have CVEs assigned.

Fedora has issued an advisory for this on December 18:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/

Mageia 7 is also affected.
David Walser 2019-12-27 05:29:11 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Chris Denice 2020-01-10 13:35:15 CET 
I have uploaded version 1.9.6 for mga 7 in updates_testing.

You can test if the unbound service runs fine with (as root):
systemctl start unbound
systemctl status unbound

should return a green "active (running)".


Suggested advisory:
========================

Updated unbound package to version 1.9.6 to fix various potential security vulnerabilities.


References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/
========================

Updated packages in core/updates_testing:
========================
lib(64)unbound8-1.9.6-1.mga7
lib(64)unbound-devel-1.9.6-1.mga7
unbound-1.9.6-1.mga7
python2-unbound-1.9.6-1.mga7
python3-unbound-1.9.6-1.mga7

Source RPMs: 
unbound-1.9.6-1.mga7.src.rpm

Assignee: eatdirt => qa-bugs
CC: (none) => eatdirt

Comment 2 David Walser 2020-01-10 13:41:23 CET 
Upstream Changelog would be a better URL for the References.

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 3 Herman Viaene 2020-01-13 10:41:17 CET 
MGA7-64 Plasma on Lenovo B50
No installation issues.
# systemctl  start unbound
# systemctl -l status unbound
● unbound.service - Unbound DNS Resolver
   Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-01-13 10:36:39 CET; 2min 46s ago
 Main PID: 21227 (unbound)
   Memory: 5.7M
   CGroup: /system.slice/unbound.service
           └─21227 /usr/sbin/unbound -c /etc/unbound/unbound.conf

jan 13 10:36:39 mach5.hviaene.thuis systemd[1]: Started Unbound DNS Resolver.
jan 13 10:36:39 mach5.hviaene.thuis unbound[21227]: [21227:0] notice: init module 0: validator
jan 13 10:36:39 mach5.hviaene.thuis unbound[21227]: [21227:0] notice: init module 1: iterator
jan 13 10:36:39 mach5.hviaene.thuis unbound[21227]: [21227:0] info: start of service (unbound 1.9.6).
Good to go.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Thomas Backlund 2020-01-13 16:48:21 CET

Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs

Comment 4 Mageia Robot 2020-01-13 17:52:30 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0035.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 5 David Walser 2021-05-19 19:46:33 CEST 
We have CVEs for these fixed issues now:
https://access.redhat.com/errata/RHSA-2021:1853

Summary: unbound 1.9.6 has several security-related fixes => unbound 1.9.6 has several security-related fixes (CVE-2019-2503[2456789], CVE-2019-2504[0-2])