===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1575
                        unbound1.9 security update
                                7 May 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           unbound
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Overwrite Arbitrary Files       -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-25042 CVE-2019-25041 CVE-2019-25040
                   CVE-2019-25039 CVE-2019-25038 CVE-2019-25037
                   CVE-2019-25036 CVE-2019-25035 CVE-2019-25034
                   CVE-2019-25033 CVE-2019-25032 CVE-2019-25031
Reference:         ESB-2021.1570

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2652

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2652-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
May 06, 2021                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : unbound1.9
Version        : 1.9.0-2+deb10u2~deb9u2
CVE ID         : CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034
                 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038
                 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042

Several security vulnerabilities have been discovered in Unbound, a
validating, recursive, caching DNS resolver, by security researchers of
X41 D-SEC located in Aachen, Germany. Integer overflows, assertion
failures, an out-of-bound write and an infinite loop vulnerability may
lead to a denial-of-service or have a negative impact on data
confidentiality.

For Debian 9 stretch, these problems have been fixed in version
1.9.0-2+deb10u2~deb9u2.

We recommend that you upgrade your unbound1.9 packages.

For the detailed security status of unbound1.9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound1.9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
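
Added example (not part of the AusCERT or Debian text): a self-contained check of an inventory of installed unbound1.9 versions against the fixed version stated in the advisory, using Debian's version ordering, in which a "~" suffix sorts before the bare version and numeric runs compare as integers. The host names and installed versions are constructed sample data, and the function names are illustrative.

```python
import re
from itertools import zip_longest

FIXED = "1.9.0-2+deb10u2~deb9u2"  # fixed unbound1.9 version stated in DLA-2652-1

def _order(ch):
    # dpkg character order: '~' sorts before end-of-string (0),
    # letters sort before all other symbols.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, the way dpkg does.
    pa = re.findall(r"(\D*)(\d*)", a, re.ASCII)
    pb = re.findall(r"(\D*)(\d*)", b, re.ASCII)
    for (ta, na), (tb, nb) in zip_longest(pa, pb, fillvalue=("", "")):
        for x, y in zip_longest(map(_order, ta), map(_order, tb), fillvalue=0):
            if x != y:
                return -1 if x < y else 1
        x, y = int(na or 0), int(nb or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1, ordering a and b as Debian package versions."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def hosts_needing_upgrade(inventory, fixed=FIXED):
    return sorted(h for h, v in inventory.items() if deb_cmp(v, fixed) < 0)

# Constructed sample inventory: host -> installed unbound1.9 version.
INVENTORY = {
    "resolver-a": "1.9.0-2+deb10u2~deb9u1",  # older than the fix
    "resolver-b": "1.9.0-2+deb10u2~deb9u2",  # exactly the fixed version
    "resolver-c": "1.9.0-2+deb10u2",         # no '~' suffix: sorts after the fix
    "resolver-d": "1.10.0-1",                # newer; plain string compare gets this wrong
}

if __name__ == "__main__":
    print(hosts_needing_upgrade(INVENTORY))
```

On a Debian host itself, `dpkg --compare-versions` performs the same comparison.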