Bug 10236

Summary: unbound security update (CVE-2019-16866)
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED DUPLICATE
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: alzim, andrey.bondrov, denis.silakov, mc2374, pastordidi
Version: All
Flags: pastordidi: qa_verified-
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://linuxsecurity.com/advisories/debian/debian-dsa-4544-1-unbound-security-update-01-29-57
Whiteboard:
Platform: ---
ROSA Vulnerability identifier: CVE-2019-16866
RPM Package: unbound
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2019-10-18 21:49:11 MSK
-------------------------------------------------------------------------
Debian Security Advisory DSA-4544-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
October 16, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : unbound
CVE ID         : CVE-2019-16866
Debian Bug     : 941692

X41 D-Sec discovered that unbound, a validating, recursive, and
caching DNS resolver, did not correctly process some NOTIFY
queries. This could lead to remote denial-of-service by application
crash.

For the stable distribution (buster), this problem has been fixed in
version 1.9.0-2+deb10u1.

We recommend that you upgrade your unbound packages.

For the detailed security status of unbound please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Comment 1 Zombie Ryushu 2019-11-09 18:59:01 MSK
Versions before 1.9.4 allow accesses to uninitialized memory, which would
permit remote attackers to trigger a crash (CVE-2019-16866).
Comment 2 Andrey Bondrov 2019-11-11 13:40:36 MSK
Advisory: "Update unbound to new version 1.9.4"

https://abf.rosalinux.ru/build_lists/3103019
https://abf.rosalinux.ru/build_lists/3103020

Advisory: "Rebuild gnutls with new unbound"

https://abf.rosalinux.ru/build_lists/3103024
https://abf.rosalinux.ru/build_lists/3103025
Comment 3 Dmitry Postnikov 2019-12-06 11:20:59 MSK
New version in bug #10342
Comment 4 Dmitry Postnikov 2019-12-11 22:51:05 MSK

*** This bug has been marked as a duplicate of bug 10342 ***