Unbound 1.9.6 has been released on December 12, containing several security fixes: https://github.com/NLnetLabs/unbound/blob/release-1.9.6/doc/Changelog None of them have CVEs assigned. Fedora has issued an advisory for this on December 18: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
I have uploaded version 1.9.6 for mga 7 in updates_testing. You can test if the unbound service runs fine with (as root): systemctl start unbound systemctl status unbound should return a green "active (running)". Suggested advisory: ======================== Updated unbound package to version 1.9.6 to fix various potential security vulnerabilities. References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/ ======================== Updated packages in core/updates_testing: ======================== lib(64)unbound8-1.9.6-1.mga7 lib(64)unbound-devel-1.9.6-1.mga7 unbound-1.9.6-1.mga7 python2-unbound-1.9.6-1.mga7 python3-unbound-1.9.6-1.mga7 Source RPMs: unbound-1.9.6-1.mga7.src.rpm
Assignee: eatdirt => qa-bugsCC: (none) => eatdirt
Upstream Changelog would be a better URL for the References.
Version: Cauldron => 7Whiteboard: MGA7TOO => (none)
MGA7-64 Plasma on Lenovo B50 No installation issues. # systemctl start unbound # systemctl -l status unbound ● unbound.service - Unbound DNS Resolver Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2020-01-13 10:36:39 CET; 2min 46s ago Main PID: 21227 (unbound) Memory: 5.7M CGroup: /system.slice/unbound.service └─21227 /usr/sbin/unbound -c /etc/unbound/unbound.conf jan 13 10:36:39 mach5.hviaene.thuis systemd[1]: Started Unbound DNS Resolver. jan 13 10:36:39 mach5.hviaene.thuis unbound[21227]: [21227:0] notice: init module 0: validator jan 13 10:36:39 mach5.hviaene.thuis unbound[21227]: [21227:0] notice: init module 1: iterator jan 13 10:36:39 mach5.hviaene.thuis unbound[21227]: [21227:0] info: start of service (unbound 1.9.6). Good to go.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0035.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
We have CVEs for these fixed issues now: https://access.redhat.com/errata/RHSA-2021:1853
Summary: unbound 1.9.6 has several security-related fixes => unbound 1.9.6 has several security-related fixes (CVE-2019-2503[2456789], CVE-2019-2504[0-2])