Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 723984 (CVE-2020-12662, CVE-2020-12663)

Summary: <net-dns/unbound-1.10.1: multiple vulnerabilities (CVE-2020-{12662,12663})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: alarig, mschiff, whissi
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
Whiteboard: B3 [noglsa cve]
Package list:
net-dns/unbound-1.10.1
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-05-19 15:05:04 UTC
CVE-2020-12663 (https://nvd.nist.gov/vuln/detail/CVE-2020-12663):
  Unbound can be tricked into amplifying an incoming query into a large
  number of queries directed to a target.

CVE-2020-12662 (https://nvd.nist.gov/vuln/detail/CVE-2020-12662):
  Malformed answers from upstream name servers can be used to make Unbound
  unresponsive.


CVE texts are mixed.
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-21 07:53:57 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-05-21 07:57:37 UTC
arm stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-05-21 07:59:32 UTC
ppc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-05-21 08:01:22 UTC
ppc64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-05-21 08:06:56 UTC
x86 stable
Comment 6 Sam James archtester gentoo-dev Security 2020-05-21 22:55:40 UTC
@maintainer(s), please cleanup
Comment 7 Larry the Git Cow gentoo-dev 2020-05-21 23:09:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc9d625b6931b268fb3d5cbaa259856fceecb582

commit cc9d625b6931b268fb3d5cbaa259856fceecb582
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-21 23:08:50 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-21 23:08:50 +0000

    net-dns/unbound: security cleanup
    
    Bug: https://bugs.gentoo.org/723984
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-dns/unbound/Manifest              |   1 -
 net-dns/unbound/unbound-1.10.0.ebuild | 183 ----------------------------------
 2 files changed, 184 deletions(-)