Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 723984 (CVE-2020-12662, CVE-2020-12663) - <net-dns/unbound-1.10.1: multiple vulnerabilities (CVE-2020-{12662,12663})
Summary: <net-dns/unbound-1.10.1: multiple vulnerabilities (CVE-2020-{12662,12663})
Status: RESOLVED FIXED
Alias: CVE-2020-12662, CVE-2020-12663
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://nlnetlabs.nl/downloads/unboun...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-19 15:05 UTC by GLSAMaker/CVETool Bot
Modified: 2020-06-18 03:10 UTC (History)
3 users (show)

See Also:
Package list:
net-dns/unbound-1.10.1
Runtime testing required: ---
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-05-19 15:05:04 UTC 
CVE-2020-12663 (https://nvd.nist.gov/vuln/detail/CVE-2020-12663):
  Unbound can be tricked into amplifying an incoming query into a large
  number of queries directed to a target.

CVE-2020-12662 (https://nvd.nist.gov/vuln/detail/CVE-2020-12662):
  Malformed answers from upstream name servers can be used to make Unbound
  unresponsive.


CVE texts are mixed.
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-21 07:53:57 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-05-21 07:57:37 UTC 
arm stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-05-21 07:59:32 UTC 
ppc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-05-21 08:01:22 UTC 
ppc64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-05-21 08:06:56 UTC 
x86 stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 22:55:40 UTC 
@maintainer(s), please cleanup
Comment 7 Larry the Git Cow gentoo-dev 2020-05-21 23:09:08 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc9d625b6931b268fb3d5cbaa259856fceecb582

commit cc9d625b6931b268fb3d5cbaa259856fceecb582
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-21 23:08:50 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-21 23:08:50 +0000

    net-dns/unbound: security cleanup
    
    Bug: https://bugs.gentoo.org/723984
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-dns/unbound/Manifest              |   1 -
 net-dns/unbound/unbound-1.10.0.ebuild | 183 ----------------------------------
 2 files changed, 184 deletions(-)