Upstream has issued an advisory today (January 19): https://unbound.net/downloads/CVE-2017-15105.txt The issue is fixed upstream in 1.6.8, and patch is linked from the advisory. Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Hi David, Thanks for spotting this! Updated package to 1.6.8 on Cauldron, as well as on mga6. We were at version 1.6.2 and many other fixes have been applied since. To test, install unbound and check that you can run the service. As root: systemctl start unbound systemctl status unbound Should report a running unbound service. I have tested it myself on real mga6, x86_64 in real environment (coupled to dnscrypt), the new version works fine. Cheers, Chris. Advisory: ======================== Updated unbound packages to fix security vulnerability (CVE-2017-15105) in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This was, however, happenning in Unbound 1.6.7 and earlier versions. References ================== https://unbound.net/downloads/CVE-2017-15105.txt Updated packages in core/updates_testing: ======================== lib64unbound2-1.6.8-1.mga6 unbound-1.6.8-1.mga6 from SRPMS: unbound-1.6.8-1.mga6.src
Assignee: eatdirt => qa-bugs
CC: (none) => tmbVersion: Cauldron => 6Whiteboard: MGA6TOO => (none)
Mageia 6 :: x86_64 Installed the two packages, checked that the service could be started then updated and ran the test again. If that is all that is requires then this is good for 64 bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0091.html
Status: NEW => RESOLVEDResolution: (none) => FIXED