"The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks." Please bump to 1.16.3.
ping
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdf645337b86cbdf011b6c6f5984eeb58e11b5ac commit fdf645337b86cbdf011b6c6f5984eeb58e11b5ac Author: Marc Schiffbauer <mschiff@gentoo.org> AuthorDate: 2022-10-12 14:29:28 +0000 Commit: Marc Schiffbauer <mschiff@gentoo.org> CommitDate: 2022-10-12 14:29:28 +0000 net-dns/unbound: add 1.16.3, drop 1.16.2 Bug: https://bugs.gentoo.org/872209 Signed-off-by: Marc Schiffbauer <mschiff@gentoo.org> net-dns/unbound/Manifest | 4 ++-- net-dns/unbound/{unbound-1.16.2.ebuild => unbound-1.16.3.ebuild} | 0 2 files changed, 2 insertions(+), 2 deletions(-)
Please stabilize when ready.
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be530e587fe23ead7b643f547a3d5e3be5623c32 commit be530e587fe23ead7b643f547a3d5e3be5623c32 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-11-22 18:38:32 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-11-22 18:40:57 +0000 net-dns/unbound: drop 1.13.1-r3, 1.13.2-r1, 1.15.0, 1.16.0 Bug: https://bugs.gentoo.org/872209 Bug: https://bugs.gentoo.org/866881 Signed-off-by: John Helmert III <ajak@gentoo.org> net-dns/unbound/Manifest | 6 - net-dns/unbound/unbound-1.13.1-r3.ebuild | 208 ------------------------------ net-dns/unbound/unbound-1.13.2-r1.ebuild | 210 ------------------------------ net-dns/unbound/unbound-1.15.0.ebuild | 213 ------------------------------- net-dns/unbound/unbound-1.16.0.ebuild | 213 ------------------------------- 5 files changed, 850 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8c88ef24b83e97ad8e1c9188236da95c32f0fe7 commit a8c88ef24b83e97ad8e1c9188236da95c32f0fe7 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-12-19 02:00:45 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-19 02:04:28 +0000 [ GLSA 202212-02 ] Unbound: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/866881 Bug: https://bugs.gentoo.org/872209 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202212-02.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+)
GLSA released, all done.