Bug 32841 - update unbound to 1.19.1 to fix CVE-2023-50387 and CVE-2023-50868
Summary: update unbound to 1.19.1 to fix CVE-2023-50387 and CVE-2023-50868
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://nlnetlabs.nl/projects/unbound...
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-02-13 21:12 CET by christian barranco
Modified: 2024-02-17 01:56 CET

See Also:
Source RPM: unbound-1.17.1-2.mga9.src.rpm
CVE: CVE-2023-50387,CVE-2023-50868
Status comment:

Description christian barranco 2024-02-13 21:12:12 CET
Unbound 1.19.1 fixes CVE:
https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.1
christian barranco 2024-02-13 21:12:31 CET

CVE: (none) => CVE-2023-50387,CVE-2023-50868

David Walser 2024-02-13 23:07:29 CET

Summary: update unbound to 1.19.1 to fix CVE => update unbound to 1.19.1 to fix CVE-2023-50387 and CVE-2023-50868

Comment 1 james Whitby 2024-02-14 01:52:15 CET
Is there a fix for this in bind 9?

CC: (none) => jim

Comment 2 David GEIGER 2024-02-14 05:58:33 CET
Assigning to its registered maintainer!

Whiteboard: (none) => MGA9TOO
CC: (none) => geiger.david68210
Assignee: bugsquad => eatdirt
Version: 9 => Cauldron

Comment 3 Chris Denice 2024-02-14 22:33:30 CET
Thanks for the heads-up!

Comment 4 Chris Denice 2024-02-14 22:41:24 CET
Package unbound updated to version 1.9.1 to fix security issues CVE-2023-50387 and CVE-2023-50868.

https://nlnetlabs.nl/projects/unbound/security-advisories/

The packages required for this update advisory are:

RPMS:
lib(64)unbound8-1.19.1-1.mga9
lib(64)unbound-devel-1.19.1-1.mga9
python3-unbound-1.19.1-1.mga9
unbound-1.19.1-1.mga9

SRPMS:
unbound-1.19.1-1.mga9.src.rpm

Assignee: eatdirt => qa-bugs

Comment 5 Marja Van Waes 2024-02-15 20:52:22 CET
unbound-1.19.1-1.mga10 landed in cauldron

URL: (none) => https://nlnetlabs.nl/projects/unbound/security-advisories/ https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.1
CC: (none) => marja11
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

Marja Van Waes 2024-02-15 21:01:31 CET

Keywords: (none) => advisory

Comment 6 Thomas Andrews 2024-02-16 20:00:38 CET
I'm no expert in this area, but I played around a little, using bug 30876 comment 5 as a guide:

Tested on a MGA9-64 Plasma system. No installation issues. Rebooted...

[root@localhost ~]# systemctl status unbound
● unbound.service - Unbound DNS Resolver
     Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-02-16 13:22:18 EST; 2min 29s ago
   Main PID: 15331 (unbound)
      Tasks: 1 (limit: 57718)
     Memory: 8.1M
        CPU: 62ms
     CGroup: /system.slice/unbound.service
             └─15331 /usr/sbin/unbound -c /etc/unbound/unbound.conf

Feb 16 13:22:18 localhost.localdomain systemd[1]: Started unbound.service.
Feb 16 13:22:18 localhost.localdomain unbound[15331]: [15331:0] notice: init module 0: validator
Feb 16 13:22:18 localhost.localdomain unbound[15331]: [15331:0] notice: init module 1: iterator
Feb 16 13:22:18 localhost.localdomain unbound[15331]: [15331:0] info: start of service (unbound 1.19.1).

Using my router:

$ dig mageia.org

; <<>> DiG 9.18.15 <<>> mageia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1591
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mageia.org.                    IN      A

;; ANSWER SECTION:
mageia.org.             164     IN      A       163.172.148.228

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Fri Feb 16 13:25:55 EST 2024
;; MSG SIZE  rcvd: 55

Activating a VPN:

$ dig mageia.org

; <<>> DiG 9.18.15 <<>> mageia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6011
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3d1281116fd5c1980100000065cfa950419da7ef1ac13a63 (good)
;; QUESTION SECTION:
;mageia.org.                    IN      A

;; ANSWER SECTION:
mageia.org.             1800    IN      A       163.172.148.228

;; Query time: 161 msec
;; SERVER: 162.252.172.57#53(162.252.172.57) (UDP)
;; WHEN: Fri Feb 16 13:28:32 EST 2024
;; MSG SIZE  rcvd: 83

Note that the IP for the server changed from my router to the VPN's IP.

I don't see any errors there, so I'm giving this an OK, and validating. If this test isn't valid, someone please rescue me from myself.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
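
A version-and-resolver check for this kind of update test, added here as an example and not part of the original bug comments: it reads the unbound start line from the journal and the SERVER line from dig output, and reports whether the answering resolver is the local unbound at or above 1.19.1. The function names and the 127.0.0.1 listen address are assumptions; the sample inputs are lines copied from the output above plus one constructed SERVER line.

```shell
#!/bin/sh
# Added example: check that the resolver answering dig is the patched unbound.
FIXED=1.19.1   # release this bug updates to

# True when dotted version $1 >= $2, compared numerically per component
# (a plain string compare would rank 1.9.1 above 1.19.1).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Version from the last "start of service (unbound X)" journal line on stdin.
started_version() {
    sed -n 's/.*start of service (unbound \([0-9][0-9.]*\)).*/\1/p' | tail -n 1
}

# Address of the server that answered, from dig output on stdin.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# $1 = journal text, $2 = dig output, $3 = address unbound listens on (assumed).
verify_update() {
    ver=$(printf '%s\n' "$1" | started_version)
    srv=$(printf '%s\n' "$2" | dig_server)
    [ -n "$ver" ] || { echo "no-start-line"; return 1; }
    version_ge "$ver" "$FIXED" || { echo "old-version:$ver"; return 1; }
    [ "$srv" = "$3" ] || { echo "wrong-server:$srv"; return 1; }
    echo "ok:$ver@$srv"
}

# Sample input. Live use: journalctl -u unbound -b ; dig @127.0.0.1 mageia.org
JOURNAL='Feb 16 13:22:18 localhost.localdomain unbound[15331]: [15331:0] info: start of service (unbound 1.19.1).'
DIG_ROUTER=';; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)'   # from the page
DIG_LOCAL=';; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)'        # constructed

verify_update "$JOURNAL" "$DIG_LOCAL" 127.0.0.1 || true    # ok:1.19.1@127.0.0.1
verify_update "$JOURNAL" "$DIG_ROUTER" 127.0.0.1 || true   # wrong-server:192.168.1.1
```
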

Comment 7 Mageia Robot 2024-02-17 01:56:16 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0039.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED