| Summary: | <net-dns/unbound-1.4.10: Remote DoS (CVE-2011-1922) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | TANABE Ken-ichi <nabeken> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alexanderyt, matsuu |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.unbound.net/download.html | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
TANABE Ken-ichi
2011-05-28 06:28:46 UTC
According to [1] this is fixed in 1.4.10. @matsuu, thanks for putting 1.4.10 in the tree so quickly. Can we stabilize =net-dns/unbound-1.4.10? Thanks!

[1] https://www.kb.cert.org/vuls/id/531342

Sorry for the delay. Please mark stable =net-dns/unbound-1.4.10.

unbound-1.4.8.ebuild:KEYWORDS="amd64 x86 ~x64-macos"
unbound-1.4.10.ebuild:KEYWORDS="~amd64 ~x86 ~x64-macos"

Tested on x86, looks good to go here.

amd64 ok

amd64: ditto Ago

amd64 stable

x86 stable, thanks Andreas (last arch done)

Thanks, everyone. GLSA Vote: yes.

CVE-2011-1922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1922): daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.

Vote: YES. New GLSA request filed.

This issue was resolved and addressed in GLSA 201110-12 at http://security.gentoo.org/glsa/glsa-201110-12.xml by GLSA coordinator Tobias Heinlein (keytoaster).