Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 532000 (CVE-2014-8602) - <net-dns/unbound-1.5.1-r2: DoS through delegation loop (CVE-2014-8602)
Summary: <net-dns/unbound-1.5.1-r2: DoS through delegation loop (CVE-2014-8602)
Status: RESOLVED FIXED
Alias: CVE-2014-8602
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://unbound.net/downloads/CVE-201...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 530928 531068
Blocks: CVE-2014-9221
  Show dependency tree
 
Reported: 2014-12-08 18:22 UTC by Hanno Böck
Modified: 2016-06-26 11:49 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2014-12-08 18:22:36 UTC 
unbound is vulnerable to a Denial of service attack through specially crafted DNS records causing an infinite loop of delegations.

Fixed in upstream's 1.5.1.
Comment 1 Mike Gilbert gentoo-dev 2014-12-08 19:52:45 UTC 
Bug 530928 is pretty minor, and should probably not block this.
Comment 2 Tim Harder gentoo-dev 2014-12-08 22:14:27 UTC 
Feel free to stabilize if you want, just note bug #531068.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-01-31 19:39:35 UTC 
Arches, please test and mark stable:

=net-dns/unbound-1.5.1-r2

Target Keywords : "amd64 ppc x86"

Thank you!
Comment 4 Agostino Sarubbo gentoo-dev 2015-02-24 10:11:36 UTC 
This requires a lot of unstable depend. Could you provide a full list?
Comment 5 Agostino Sarubbo gentoo-dev 2015-04-09 09:05:04 UTC 
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-04-09 09:05:27 UTC 
x86 stable
Comment 7 Pacho Ramos gentoo-dev 2015-04-26 17:09:54 UTC 
   net-dns/unbound/unbound-1.5.1-r2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['dev-libs/fstrm[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=dev-libs/protobuf-c-1.0.2-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
Comment 8 Mike Gilbert gentoo-dev 2015-05-05 21:35:18 UTC 
(In reply to Pacho Ramos from comment #7)

Please see bug 531068 to rekeyword unbound and dependencies.
Comment 9 Pacho Ramos gentoo-dev 2015-05-15 11:57:30 UTC 
ppc/ppc64 done
Comment 10 Pacho Ramos gentoo-dev 2016-05-06 11:14:59 UTC 
security team, the arches did the work I think ;)
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 09:25:40 UTC 
@maintainer(s), please clean vulnerable versions:

net-dns/unbound-1.4.22-r1
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-06-26 11:49:38 UTC 
Cleaned:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87e0a6b3e542aecaf9098c424f403c3cc39e3d23

GLSA Vote: No