The company X41 has performed a security audit of unbound, initiated by OSTIF: https://www.x41-dsec.de/security/research/job/news/2019/12/11/unbound/ The most severe findings were already fixed in unbound 1.9.4 and 1.9.5, but various less severe issues have only been fixed in 1.9.6, see: https://www.nlnetlabs.nl/news/2019/Dec/12/unbound-1.9.6-released/ https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-9-6 Particularly it lists various out of bounds read/write errors. Please bump to 1.9.6.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b10ded20311823cf28570b97d85738da97149175 commit b10ded20311823cf28570b97d85738da97149175 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-12-14 21:15:11 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-12-14 21:19:01 +0000 net-dns/unbound: bump to v1.9.6 Bug: https://bugs.gentoo.org/702828 Package-Manager: Portage-2.3.81, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-dns/unbound/Manifest | 1 + net-dns/unbound/unbound-1.9.6.ebuild | 183 +++++++++++++++++++++++++++++++++++ 2 files changed, 184 insertions(+)
x86 stable
amd64 stable
arm stable
ppc64 stable
ppc stable. Maintainer(s), please cleanup. Security, please vote.
(In reply to Agostino Sarubbo from comment #6) > ppc stable. > > Maintainer(s), please cleanup. > Security, please vote. Vulnerable versions dropped in: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=345161cf1b211703ee86bed59e662fc79e475f09
GLSA Vote: No! Repository is clean, all done!