Advisories » MGASA-2020-0224

Updated unbound packages fix security vulnerabilities

Publication date: 24 May 2020
Modification date: 24 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-12662 , CVE-2020-12663

Description

Updated unbound packages fix security vulnerabilities:

Unbound can be tricked into amplifying an incoming query into a
large number of queries directed to a target (CVE-2020-12662).

Malformed answers from upstream name servers can be used to make
Unbound unresponsive (CVE-2020-12663).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26646
• https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12662
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12663

SRPMS

7/core

• unbound-1.10.1-1.mga7