Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1987
unbound security update
9 June 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: unbound
Publisher: Red Hat
Operating System: Red Hat
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-12663 CVE-2020-12662
Reference: ESB-2020.1951
ESB-2020.1874
ESB-2020.1864
ESB-2020.1843
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:2414
https://access.redhat.com/errata/RHSA-2020:2416
https://access.redhat.com/errata/RHSA-2020:2418
https://access.redhat.com/errata/RHSA-2020:2419
Comment: This bulletin contains four (4) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: unbound security update
Advisory ID: RHSA-2020:2414-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2414
Issue date: 2020-06-08
CVE Names: CVE-2020-12662 CVE-2020-12663
=====================================================================
1. Summary:
An update for unbound is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.
Security Fix(es):
* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)
* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
unbound-1.6.6-4.el7_8.src.rpm
x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
unbound-1.6.6-4.el7_8.src.rpm
x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
unbound-1.6.6-4.el7_8.src.rpm
ppc64:
unbound-1.6.6-4.el7_8.ppc64.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc64.rpm
unbound-libs-1.6.6-4.el7_8.ppc.rpm
unbound-libs-1.6.6-4.el7_8.ppc64.rpm
ppc64le:
unbound-1.6.6-4.el7_8.ppc64le.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc64le.rpm
unbound-libs-1.6.6-4.el7_8.ppc64le.rpm
s390x:
unbound-1.6.6-4.el7_8.s390x.rpm
unbound-debuginfo-1.6.6-4.el7_8.s390.rpm
unbound-debuginfo-1.6.6-4.el7_8.s390x.rpm
unbound-libs-1.6.6-4.el7_8.s390.rpm
unbound-libs-1.6.6-4.el7_8.s390x.rpm
x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
unbound-debuginfo-1.6.6-4.el7_8.ppc.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc64.rpm
unbound-devel-1.6.6-4.el7_8.ppc.rpm
unbound-devel-1.6.6-4.el7_8.ppc64.rpm
unbound-python-1.6.6-4.el7_8.ppc64.rpm
ppc64le:
unbound-debuginfo-1.6.6-4.el7_8.ppc64le.rpm
unbound-devel-1.6.6-4.el7_8.ppc64le.rpm
unbound-python-1.6.6-4.el7_8.ppc64le.rpm
s390x:
unbound-debuginfo-1.6.6-4.el7_8.s390.rpm
unbound-debuginfo-1.6.6-4.el7_8.s390x.rpm
unbound-devel-1.6.6-4.el7_8.s390.rpm
unbound-devel-1.6.6-4.el7_8.s390x.rpm
unbound-python-1.6.6-4.el7_8.s390x.rpm
x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
unbound-1.6.6-4.el7_8.src.rpm
x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXt3139zjgjWX9erEAQiAxA//Sl2CMryT+nEAXdFVWagb5nQ3q71oQy/8
FD4rLJRShX1F6dtiB7IA0eHNfTVi4Xt0oJuC2YfIXl8yVV4l4HSQPyfrHoKC71xq
1x/BDjNeEjprB2wthA/tHr2Uz2E6+p74VwT+9nHG1juWE/j1/JFQCvQrzlV+PP+3
7jF7oyOXNxEbb3IJH3MPgItgVDtk2M5t9ZkW0lfWJ+jwivsgW20XF/Ug3rJXWe98
RYBtGoXhFO8hUkZeU52pCEOmlzIxikJ/7XqlG5hyytUqZhQrG+jZSxYBFpFRIBOW
6MS2t8qky4ZiR9gm8A0ptrkkjUQ7/76kPS5M/IKxmeJAgxGDV3R4WnOiNq1bMSx6
3Vprw4/xaM65vkgpqR5zLOujnN/R1VKnAJ1b8wjP90cyASsfevFrB1zS4i1NRSPa
V90zEQjgHPW69fidGrPABB/9YaoJ+TOLREfhQ32Ir+AfN2L5lLDhZIXurJmzpDKG
c27nFOXsy4r6TrkX7a27CfKhUNnr2RIU17owPKV3mgiJsMR9CrYtjRF+E/htiITK
bhQnvDS3GvNi6SBurj3CFp0WEHacZGvBoLYz3BCKMVZEJ/bS38+FT69qzXvF+Jmh
EizivP2WPyMd/tYaw6zpz5sS46uTpdBawBv9bE+wE9q2R2WkEuqniCn8fFmekgYt
3JPkbBIHBE8=
=fKlO
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: unbound security update
Advisory ID: RHSA-2020:2416-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2416
Issue date: 2020-06-08
CVE Names: CVE-2020-12662 CVE-2020-12663
=====================================================================
1. Summary:
An update for unbound is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.
Security Fix(es):
* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)
* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
unbound-1.7.3-11.el8_2.src.rpm
aarch64:
python3-unbound-1.7.3-11.el8_2.aarch64.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.aarch64.rpm
unbound-1.7.3-11.el8_2.aarch64.rpm
unbound-debuginfo-1.7.3-11.el8_2.aarch64.rpm
unbound-debugsource-1.7.3-11.el8_2.aarch64.rpm
unbound-devel-1.7.3-11.el8_2.aarch64.rpm
unbound-libs-1.7.3-11.el8_2.aarch64.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.aarch64.rpm
ppc64le:
python3-unbound-1.7.3-11.el8_2.ppc64le.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.ppc64le.rpm
unbound-1.7.3-11.el8_2.ppc64le.rpm
unbound-debuginfo-1.7.3-11.el8_2.ppc64le.rpm
unbound-debugsource-1.7.3-11.el8_2.ppc64le.rpm
unbound-devel-1.7.3-11.el8_2.ppc64le.rpm
unbound-libs-1.7.3-11.el8_2.ppc64le.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.ppc64le.rpm
s390x:
python3-unbound-1.7.3-11.el8_2.s390x.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.s390x.rpm
unbound-1.7.3-11.el8_2.s390x.rpm
unbound-debuginfo-1.7.3-11.el8_2.s390x.rpm
unbound-debugsource-1.7.3-11.el8_2.s390x.rpm
unbound-devel-1.7.3-11.el8_2.s390x.rpm
unbound-libs-1.7.3-11.el8_2.s390x.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.s390x.rpm
x86_64:
python3-unbound-1.7.3-11.el8_2.x86_64.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.i686.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.x86_64.rpm
unbound-1.7.3-11.el8_2.x86_64.rpm
unbound-debuginfo-1.7.3-11.el8_2.i686.rpm
unbound-debuginfo-1.7.3-11.el8_2.x86_64.rpm
unbound-debugsource-1.7.3-11.el8_2.i686.rpm
unbound-debugsource-1.7.3-11.el8_2.x86_64.rpm
unbound-devel-1.7.3-11.el8_2.i686.rpm
unbound-devel-1.7.3-11.el8_2.x86_64.rpm
unbound-libs-1.7.3-11.el8_2.i686.rpm
unbound-libs-1.7.3-11.el8_2.x86_64.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.i686.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXt4G+9zjgjWX9erEAQijNQ//RJUuxvb2nq5bzpu8+T6m2zthe9Py1cJ8
U5E41kjnyUTAv9R9TUMyBCYVzzxZK8d+i6zX6hTlfsrDCouQJxfbNNLmgaBdhX/I
rSLt16ir9ao+7Yy5naHcdQrVyO1GAT9mqE6pxV+zuxL//4/X9/h+hivn8MQy2+FO
kKPwbGjFr17wiFhH4k8QAsbUpSZdHPIaNybCmXj6OZ80OZunv8WbdpEGEDOkKbUS
2NBU2eFIAp+Gi4JPyNYjplFy8WWvIJ9rmUThl0QRussTte/EYpYFXoqBj1QwDUzw
hUcmf2eEluYwjdTWtJmjs8WLvSd/qaOA/lEsmCly/78oSDdEy0O1uQkX+JjUktCJ
wxJlgCNDrS/iEl+3TMK46qYkR3k2alAwjMJrGid9dgrWj/k6xwlTk75jgA8mCOsq
PPHxgORAlpIEc+mC1rhSqgfMqK1yIsxBhh/Qb0cEsV3iMDfOhlZ544mOygmH6IbY
yCGdCPQBMp8vx/J5ilbzP99H1y2UWNLShw6pNB6i8pPIe2Ahnog6SxupxTJDFOzu
Myb98jeFYItNyVjLOpzxYC/0dyX3VlZKfC8EL9A/E7tEcaAQOD8Kqz1TMopKTEGQ
+QwcIQLB2ygdVkfEXAEpTx0WUXBVNKtDKpeeIkXk6FwXmkbijJz2ab88qy8js4cE
Bd6+GFZyrIQ=
=dg5P
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: unbound security update
Advisory ID: RHSA-2020:2418-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2418
Issue date: 2020-06-08
CVE Names: CVE-2020-12662 CVE-2020-12663
=====================================================================
1. Summary:
An update for unbound is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
3. Description:
The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.
Security Fix(es):
* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)
* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
6. Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.0):
Source:
unbound-1.7.3-9.el8_0.src.rpm
aarch64:
python3-unbound-1.7.3-9.el8_0.aarch64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.aarch64.rpm
unbound-1.7.3-9.el8_0.aarch64.rpm
unbound-debuginfo-1.7.3-9.el8_0.aarch64.rpm
unbound-debugsource-1.7.3-9.el8_0.aarch64.rpm
unbound-devel-1.7.3-9.el8_0.aarch64.rpm
unbound-libs-1.7.3-9.el8_0.aarch64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.aarch64.rpm
ppc64le:
python3-unbound-1.7.3-9.el8_0.ppc64le.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.ppc64le.rpm
unbound-1.7.3-9.el8_0.ppc64le.rpm
unbound-debuginfo-1.7.3-9.el8_0.ppc64le.rpm
unbound-debugsource-1.7.3-9.el8_0.ppc64le.rpm
unbound-devel-1.7.3-9.el8_0.ppc64le.rpm
unbound-libs-1.7.3-9.el8_0.ppc64le.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.ppc64le.rpm
s390x:
python3-unbound-1.7.3-9.el8_0.s390x.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.s390x.rpm
unbound-1.7.3-9.el8_0.s390x.rpm
unbound-debuginfo-1.7.3-9.el8_0.s390x.rpm
unbound-debugsource-1.7.3-9.el8_0.s390x.rpm
unbound-devel-1.7.3-9.el8_0.s390x.rpm
unbound-libs-1.7.3-9.el8_0.s390x.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.s390x.rpm
x86_64:
python3-unbound-1.7.3-9.el8_0.x86_64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.i686.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.x86_64.rpm
unbound-1.7.3-9.el8_0.x86_64.rpm
unbound-debuginfo-1.7.3-9.el8_0.i686.rpm
unbound-debuginfo-1.7.3-9.el8_0.x86_64.rpm
unbound-debugsource-1.7.3-9.el8_0.i686.rpm
unbound-debugsource-1.7.3-9.el8_0.x86_64.rpm
unbound-devel-1.7.3-9.el8_0.i686.rpm
unbound-devel-1.7.3-9.el8_0.x86_64.rpm
unbound-libs-1.7.3-9.el8_0.i686.rpm
unbound-libs-1.7.3-9.el8_0.x86_64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.i686.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXt4QWtzjgjWX9erEAQiCow/9GvBk35k/Hqvgz3+TRscN3tChIm6Fi3En
BK7VUPvaUOItOXdz19QRvrqztId/vYttD9fJxt/goZGkpg56y4ahX9+eiWfE3Ncx
xgYGyTy3WJ+cT9AeiuGhLT2BFG6o56Hy9JI5q7HoHW3W18beGJFNf9M14LjTmp9E
mJbit5QDVQKelZRoPYHtR38FN23fgZCD0uCEHgdhQgVzC7hOh6zcaEuvLOw8lse+
2qPfcyvbKnSAtRycTVKrbrFvkiQRRqoOSFQtINZ/E9G8fF1pwG+dxRPoxj5s1fCv
z6gRXLTkhC/ks9ssjY5Nd4tbIHetgyKGsE3kwqwCB8EkPnzSJuBzDB//SqZaxIul
gioeURg2PIPXRmFDnzXUEdQkhBPW7nX+4kqnXtrbr/m7y3YLI16IvpJ6emA00yp5
dYNJA680qTGJHvgBI1a8rxsdrJTo2j6sz56FJfqe0plNRIn26krqCqC1rzg+JlNM
PH+XAPuVyTtsqXKHEeocJeF7SjeC40JawZHMy4vr4VIk2j2TUJByNmNtHPPW17jq
1izZ55fFr3nPZo3nVtP7RzG473V28Gk3kF6Aqu04zrocg/Gx59ZIBqYR1GRlMrfA
3C/RdLhWJu1qmmD/aPM6IvAE9lVV8miMPXvbwUyOqmiA7MGXl8J/TKnDyOYUhl1n
rh4AmkOHddM=
=ecr8
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: unbound security update
Advisory ID: RHSA-2020:2419-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2419
Issue date: 2020-06-08
CVE Names: CVE-2020-12662 CVE-2020-12663
=====================================================================
1. Summary:
An update for unbound is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
3. Description:
The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.
Security Fix(es):
* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)
* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
unbound-1.7.3-9.el8_1.src.rpm
aarch64:
python3-unbound-1.7.3-9.el8_1.aarch64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.aarch64.rpm
unbound-1.7.3-9.el8_1.aarch64.rpm
unbound-debuginfo-1.7.3-9.el8_1.aarch64.rpm
unbound-debugsource-1.7.3-9.el8_1.aarch64.rpm
unbound-devel-1.7.3-9.el8_1.aarch64.rpm
unbound-libs-1.7.3-9.el8_1.aarch64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.aarch64.rpm
ppc64le:
python3-unbound-1.7.3-9.el8_1.ppc64le.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.ppc64le.rpm
unbound-1.7.3-9.el8_1.ppc64le.rpm
unbound-debuginfo-1.7.3-9.el8_1.ppc64le.rpm
unbound-debugsource-1.7.3-9.el8_1.ppc64le.rpm
unbound-devel-1.7.3-9.el8_1.ppc64le.rpm
unbound-libs-1.7.3-9.el8_1.ppc64le.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.ppc64le.rpm
s390x:
python3-unbound-1.7.3-9.el8_1.s390x.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.s390x.rpm
unbound-1.7.3-9.el8_1.s390x.rpm
unbound-debuginfo-1.7.3-9.el8_1.s390x.rpm
unbound-debugsource-1.7.3-9.el8_1.s390x.rpm
unbound-devel-1.7.3-9.el8_1.s390x.rpm
unbound-libs-1.7.3-9.el8_1.s390x.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.s390x.rpm
x86_64:
python3-unbound-1.7.3-9.el8_1.x86_64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.i686.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.x86_64.rpm
unbound-1.7.3-9.el8_1.x86_64.rpm
unbound-debuginfo-1.7.3-9.el8_1.i686.rpm
unbound-debuginfo-1.7.3-9.el8_1.x86_64.rpm
unbound-debugsource-1.7.3-9.el8_1.i686.rpm
unbound-debugsource-1.7.3-9.el8_1.x86_64.rpm
unbound-devel-1.7.3-9.el8_1.i686.rpm
unbound-devel-1.7.3-9.el8_1.x86_64.rpm
unbound-libs-1.7.3-9.el8_1.i686.rpm
unbound-libs-1.7.3-9.el8_1.x86_64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.i686.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXt4R/9zjgjWX9erEAQjHFg/+KV+8wOKlADE05U8lSffqpK2gjj7LqM7X
0XO3ABTvS1ISwrsOZrqyVRzpStJdpwAcDCuzVxWthCM7G2FGMo/6YMzYEdOK1DL3
yeLOhzih3WJcnEPzAYRjfN1NFvY52zD30T2llnO3Oym07h5JYoiS7VBe13asbIPN
ypcf9lF+QDP1FheOfLmORJCSWHTT2skwpRnLFVrw5Dvi8IGyDl17dUkNX72M6/4g
ImXBgKmin6cFVfQDSX0AwxFctB25tutRfSeYXaKoROTFMb4d4DqzuEuwQttoCaqg
HCJ4821CI9pQcQe8ECAcrs2mjtwOqh1T/XYtyuoZXiPxksmTa1FzWBhHYtlRqdhG
M+NvZ9szKqOc82ZzeOVA8edccpOTw6bG7XjjIplz/nwP2TRfKpCYyQSt/Us9f5/K
gMJTX773Em6YHKqaSZPRbLUNEvSDOflpYd5tyKzjZUaAeNuZQm+e2bhxwQ3E2K5/
yU4z6ti8qBSlXSFg2FWeQQEw3rgRR/9pBcqgfOQLLkumaUq9ErFn+ZtfzxBux3UI
p1gDz0vY6geUUzCX5UPUrjeKh9gHIP2S7QmuMZ2iputjYHuOKz9A+3wklketPbj6
k9UsHrz613DXJBvTqymqGtPpNt/dy/OUuzG6DnGT3eZQ5EA5kejyfQHUbArphw3z
TZV7LeSzBbo=
=g9lH
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXt7UiONLKJtyKPYoAQg8ERAAiw+2KiSv7ZemDHJ/IOkZTwWquOWxGU3q
75SxRLmyFR+vEBPy4DG0JlimR5AV4fqoDovdsuIi2cjEmqwwuXlp5zcP95mP4vSK
UGsU6aFzVzFOMjPb4eqWwJSzmU5te/mrValR8mwEvoBFwDtOzcfLn1Z72NTLkbMn
brnPOFba62RQlXeepteEjsuKeQsg+57kFw9gN7alRudRca7anSqdAwgQsQrCqHVb
Cs3PWDmaxtFObD1uLKQsPKzVV5xW5pMui8T3hR0iZP4AQqRyY7SQfvzZ4Ss/i86z
j0HywAnwq+5I9dynF7t2lNBSeGwsADZQUSAobYjPhMqDgfYFXbbdYPBO7iaZygEU
GPtHbWJfFmcEQqxf07pYFXRl60klSuyEOB0k/3DsFpZVgsNd+07Cb3D58vGFGq5J
H4I75MNLMkHeTbtFaM5QDJ2Ty+9KJYNck0pXTPYKOqbS+0j9yFpv6+b9JifXjOTK
OtbBIEb/Pg2/bZEshR/UxeJoSrrI+lDFCT7CEi7uRJF1pFPAXBltHsMpfiejME54
tDP1O2ihN9csUWgkYeY5Mrq7Ss+5BrM8xE6/mUTm+wgm344iQklm+UdFrgQKwv1B
ZU3HMI8UBnijRrZcFSYFCY+PA7bnt4sNN2Qpw239Nm0UOfmeRolibNqCnwEqJAM5
QO2G/B+nnoo=
=J7rG
-----END PGP SIGNATURE-----