CVE-2024-43167 was announced here: https://openwall.com/lists/oss-security/2024/08/16/6 The problem is fixed in 1.21.0.
CVE: (none) => CVE-2024-43167Whiteboard: (none) => MGA9TOOSource RPM: (none) => unbound-1.20.0-1.mga10.src.rpm
Assigning to unbound's maintainer
Assignee: bugsquad => eatdirtCC: (none) => marja11
Unbound package version 1.21.0 landing in update testing. ------------- Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167. Updated packages in core/updates_testing lib64unbound8-1.21.0-1.mga9 python3-unbound-1.21.0-1.mga9 lib(64)unbound-devel-1.21.0-1.mga9 unbound-1.21.0-1.mga9
CC: (none) => eatdirtAssignee: eatdirt => qa-bugs
Whiteboard: MGA9TOO => (none)Version: Cauldron => 9
Keywords: (none) => advisory
RH x86_64 LC_ALL=C urpmi --auto --auto-update adding 66 new rpms not available in existing hdlist replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp updating /var/cache/urpmi/partial/MD5SUM updated medium "QA Testing (32-bit)" medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing lib64unbound8-1.21.0-1.mga9.x86_64.rpm python3-unbound-1.21.0-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/2: lib64unbound8 ################################################################################################## 2/2: python3-unbound ################################################################################################## 1/2: removing python3-unbound-1.20.0-1.mga9.x86_64 ################################################################################################## 2/2: removing lib64unbound8-1.20.0-1.mga9.x86_64 ################################################################################################## LC_ALL=C urpmi unbound installing unbound-1.21.0-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: unbound ################################################################################################## ---------------------------------------------------------------------- More information on package unbound-1.21.0-1.mga9.x86_64 In case you install the dnscrypt-proxy package, uncomment the indicated forward-zone block in /etc/unbound/unbound.conf and set "do-not-query-localhost: no" ---------------------------------------------------------------------- Reference bug#32841 comment#6 systemctl start unbound systemctl status unbound ● unbound.service - Unbound DNS Resolver Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; preset: disabled) Active: active (running) since Mon 2024-09-09 11:38:52 CST; 12s ago Main PID: 33408 (unbound) Tasks: 1 (limit: 6878) Memory: 7.1M CPU: 47ms CGroup: /system.slice/unbound.service └─33408 /usr/sbin/unbound -c /etc/unbound/unbound.conf sep 09 11:38:52 jgrey.phoenix systemd[1]: Started unbound.service. sep 09 11:38:52 jgrey.phoenix unbound[33408]: [33408:0] notice: init module 0: validator sep 09 11:38:52 jgrey.phoenix unbound[33408]: [33408:0] notice: init module 1: iterator sep 09 11:38:52 jgrey.phoenix unbound[33408]: [33408:0] info: start of service (unbound 1.21.0). dig mageia.org ; <<>> DiG 9.18.15 <<>> mageia.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26746 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;mageia.org. IN A ;; ANSWER SECTION: mageia.org. 1800 IN A 163.172.148.228 ;; Query time: 176 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP) ;; WHEN: Mon Sep 09 11:39:37 CST 2024 ;; MSG SIZE rcvd: 55 Consistent with reference and previou round bug#33252 comment#4 Again can't test VPN part in reference
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
No installation issues. Using my router: $ dig mageia.org ; <<>> DiG 9.18.15 <<>> mageia.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63938 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;mageia.org. IN A ;; ANSWER SECTION: mageia.org. 1800 IN A 163.172.148.228 ;; Query time: 123 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP) ;; WHEN: Mon Sep 09 21:36:13 EDT 2024 ;; MSG SIZE rcvd: 55 Activating a vpn: $ dig mageia.org ; <<>> DiG 9.18.15 <<>> mageia.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55401 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 7f4c1af8fd92d17c0100000066dfa2c900cb6cf5a9601be2 (good) ;; QUESTION SECTION: ;mageia.org. IN A ;; ANSWER SECTION: mageia.org. 1800 IN A 163.172.148.228 ;; Query time: 193 msec ;; SERVER: 162.252.172.57#53(162.252.172.57) (UDP) ;; WHEN: Mon Sep 09 21:37:13 EDT 2024 ;; MSG SIZE rcvd: 83 Note that the server changed from my router's IP to the vpn,s IP. Confirming the OK. Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0293.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED