Advisories » MGASA-2018-0091

Updated unbound packages fix security vulnerability

Publication date: 22 Jan 2018
Modification date: 22 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-15105

Description

Updated unbound packages to fix security vulnerability (CVE-2017-15105)
in the processing of wildcard synthesized NSEC records. While synthesis
of NSEC records is allowed by RFC4592, these synthesized owner names
should not be used in the NSEC processing. This was, however, happenning
in Unbound 1.6.7 and earlier versions.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22423
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15105

SRPMS

6/core

• unbound-1.6.8-1.mga6