Advisories » MGASA-2021-0154

Updated unbound packages fix a security vulnerability

Publication date: 27 Mar 2021
Modification date: 27 Mar 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-28935

Description

Unbound contains a local vulnerability that would allow for a local symlink
attack. When writing the PID file Unbound creates the file if it is not there,
or opens an existing file for writing. In case the file was already present, it
would follow symlinks if the file happened to be a symlink instead of a regular
file (CVE-2020-28935).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28447
• https://www.debian.org/lts/security/2021/dla-2556
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28935

SRPMS

7/core

• unbound-1.10.1-1.1.mga7