Ubuntu has issued an advisory on May 28: https://ubuntu.com/security/notices/USN-6791-1 Mageia 9 is also affected.
CVE: (none) => CVE-2024-33655Source RPM: (none) => unbound-1.19.3-1.mga10.src.rpmWhiteboard: (none) => MGA9TOOStatus comment: (none) => Fixed upstream in 1.20.0 and patch available from upstream and Ubuntu
Assigning to the registered maintainer!
Assignee: bugsquad => eatdirtCC: (none) => geiger.david68210
Thanks, I'll fix that.
Unbound package version 1.20.0 landing in update testing. ------------- Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a DNSBomb. Updated packages in core/updates_testing lib64unbound8-1.20.0-1.mga9 python3-unbound-1.20.0-1.mga9 lib(64)unbound-devel-1.20.0-1.mga9 unbound-1.20.0-1.mga9
CC: (none) => eatdirtAssignee: eatdirt => qa-bugs
Keywords: (none) => advisoryVersion: Cauldron => 9Whiteboard: MGA9TOO => (none)Source RPM: unbound-1.19.3-1.mga10.src.rpm => unbound
LC_ALL=C urpmi --auto --auto-update medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing python3-unbound-1.20.0-1.mga9.x86_64.rpm lib64unbound8-1.20.0-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/2: lib64unbound8 ################################################################################################## 2/2: python3-unbound ################################################################################################## 1/2: removing python3-unbound-1.19.1-1.mga9.x86_64 ################################################################################################## 2/2: removing lib64unbound8-1.19.1-1.mga9.x86_64 ################################################################################################## LC_ALL=C urpmi unbound installing unbound-1.20.0-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: unbound ################################################################################################## ---------------------------------------------------------------------- More information on package unbound-1.20.0-1.mga9.x86_64 In case you install the dnscrypt-proxy package, uncomment the indicated forward-zone block in /etc/unbound/unbound.conf and set "do-not-query-localhost: no" ---------------------------------------------------------------------- Reference bug#32841 comment#6 systemctl start unbound systemctl status unbound ● unbound.service - Unbound DNS Resolver Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; preset: disabled) Active: active (running) since Fri 2024-05-31 20:46:14 CST; 2s ago Main PID: 555332 (unbound) Tasks: 1 (limit: 6904) Memory: 6.8M CPU: 58ms CGroup: /system.slice/unbound.service └─555332 /usr/sbin/unbound -c /etc/unbound/unbound.conf may 31 20:46:14 phoenix systemd[1]: Started unbound.service. may 31 20:46:14 phoenix unbound[555332]: [555332:0] notice: init module 0: validator may 31 20:46:14 phoenix unbound[555332]: [555332:0] notice: init module 1: iterator may 31 20:46:14 phoenix unbound[555332]: [555332:0] info: start of service (unbound 1.20.0). dig mageia.org ; <<>> DiG 9.18.15 <<>> mageia.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22784 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;mageia.org. IN A ;; ANSWER SECTION: mageia.org. 1800 IN A 163.172.148.228 ;; Query time: 288 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP) ;; WHEN: Fri May 31 20:47:55 CST 2024 ;; MSG SIZE rcvd: 55 I not have VPN so this all the test I can do
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0203.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED