===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1575
                        unbound1.9 security update
                                7 May 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           unbound
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Overwrite Arbitrary Files       -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-25042 CVE-2019-25041 CVE-2019-25040
                   CVE-2019-25039 CVE-2019-25038 CVE-2019-25037
                   CVE-2019-25036 CVE-2019-25035 CVE-2019-25034
                   CVE-2019-25033 CVE-2019-25032 CVE-2019-25031

Reference:         ESB-2021.1570

Original Bulletin: 
   http://www.debian.org/lts/security/2021/dla-2652

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2652-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
May 06, 2021                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : unbound1.9
Version        : 1.9.0-2+deb10u2~deb9u2
CVE ID         : CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034
                 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038
                 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042

Several security vulnerabilities have been discovered in Unbound, a validating,
recursive, caching DNS resolver, by security researchers of X41 D-SEC located
in Aachen, Germany. Integer overflows, assertion failures, an out-of-bound
write and an infinite loop vulnerability may lead to a denial-of-service or
have a negative impact on data confidentiality.

For Debian 9 stretch, these problems have been fixed in version
1.9.0-2+deb10u2~deb9u2.

We recommend that you upgrade your unbound1.9 packages.

For the detailed security status of unbound1.9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound1.9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================