===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1987
                          unbound security update
                                9 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           unbound
Publisher:         Red Hat
Operating System:  Red Hat
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12663 CVE-2020-12662

Reference:         ESB-2020.1951
                   ESB-2020.1874
                   ESB-2020.1864
                   ESB-2020.1843

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:2414
   https://access.redhat.com/errata/RHSA-2020:2416
   https://access.redhat.com/errata/RHSA-2020:2418
   https://access.redhat.com/errata/RHSA-2020:2419

Comment: This bulletin contains four (4) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: unbound security update
Advisory ID:       RHSA-2020:2414-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2414
Issue date:        2020-06-08
CVE Names:         CVE-2020-12662 CVE-2020-12663
=====================================================================

1. Summary:

An update for unbound is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.

Security Fix(es):

* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)

* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
unbound-1.6.6-4.el7_8.src.rpm

x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
unbound-1.6.6-4.el7_8.src.rpm

x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
unbound-1.6.6-4.el7_8.src.rpm

ppc64:
unbound-1.6.6-4.el7_8.ppc64.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc64.rpm
unbound-libs-1.6.6-4.el7_8.ppc.rpm
unbound-libs-1.6.6-4.el7_8.ppc64.rpm

ppc64le:
unbound-1.6.6-4.el7_8.ppc64le.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc64le.rpm
unbound-libs-1.6.6-4.el7_8.ppc64le.rpm

s390x:
unbound-1.6.6-4.el7_8.s390x.rpm
unbound-debuginfo-1.6.6-4.el7_8.s390.rpm
unbound-debuginfo-1.6.6-4.el7_8.s390x.rpm
unbound-libs-1.6.6-4.el7_8.s390.rpm
unbound-libs-1.6.6-4.el7_8.s390x.rpm

x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
unbound-debuginfo-1.6.6-4.el7_8.ppc.rpm
unbound-debuginfo-1.6.6-4.el7_8.ppc64.rpm
unbound-devel-1.6.6-4.el7_8.ppc.rpm
unbound-devel-1.6.6-4.el7_8.ppc64.rpm
unbound-python-1.6.6-4.el7_8.ppc64.rpm

ppc64le:
unbound-debuginfo-1.6.6-4.el7_8.ppc64le.rpm
unbound-devel-1.6.6-4.el7_8.ppc64le.rpm
unbound-python-1.6.6-4.el7_8.ppc64le.rpm

s390x:
unbound-debuginfo-1.6.6-4.el7_8.s390.rpm
unbound-debuginfo-1.6.6-4.el7_8.s390x.rpm
unbound-devel-1.6.6-4.el7_8.s390.rpm
unbound-devel-1.6.6-4.el7_8.s390x.rpm
unbound-python-1.6.6-4.el7_8.s390x.rpm

x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
unbound-1.6.6-4.el7_8.src.rpm

x86_64:
unbound-1.6.6-4.el7_8.x86_64.rpm
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-libs-1.6.6-4.el7_8.i686.rpm
unbound-libs-1.6.6-4.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
unbound-debuginfo-1.6.6-4.el7_8.i686.rpm
unbound-debuginfo-1.6.6-4.el7_8.x86_64.rpm
unbound-devel-1.6.6-4.el7_8.i686.rpm
unbound-devel-1.6.6-4.el7_8.x86_64.rpm
unbound-python-1.6.6-4.el7_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: unbound security update
Advisory ID:       RHSA-2020:2416-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2416
Issue date:        2020-06-08
CVE Names:         CVE-2020-12662 CVE-2020-12663
=====================================================================

1. Summary:

An update for unbound is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.

Security Fix(es):

* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)

* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
unbound-1.7.3-11.el8_2.src.rpm

aarch64:
python3-unbound-1.7.3-11.el8_2.aarch64.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.aarch64.rpm
unbound-1.7.3-11.el8_2.aarch64.rpm
unbound-debuginfo-1.7.3-11.el8_2.aarch64.rpm
unbound-debugsource-1.7.3-11.el8_2.aarch64.rpm
unbound-devel-1.7.3-11.el8_2.aarch64.rpm
unbound-libs-1.7.3-11.el8_2.aarch64.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.aarch64.rpm

ppc64le:
python3-unbound-1.7.3-11.el8_2.ppc64le.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.ppc64le.rpm
unbound-1.7.3-11.el8_2.ppc64le.rpm
unbound-debuginfo-1.7.3-11.el8_2.ppc64le.rpm
unbound-debugsource-1.7.3-11.el8_2.ppc64le.rpm
unbound-devel-1.7.3-11.el8_2.ppc64le.rpm
unbound-libs-1.7.3-11.el8_2.ppc64le.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.ppc64le.rpm

s390x:
python3-unbound-1.7.3-11.el8_2.s390x.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.s390x.rpm
unbound-1.7.3-11.el8_2.s390x.rpm
unbound-debuginfo-1.7.3-11.el8_2.s390x.rpm
unbound-debugsource-1.7.3-11.el8_2.s390x.rpm
unbound-devel-1.7.3-11.el8_2.s390x.rpm
unbound-libs-1.7.3-11.el8_2.s390x.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.s390x.rpm

x86_64:
python3-unbound-1.7.3-11.el8_2.x86_64.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.i686.rpm
python3-unbound-debuginfo-1.7.3-11.el8_2.x86_64.rpm
unbound-1.7.3-11.el8_2.x86_64.rpm
unbound-debuginfo-1.7.3-11.el8_2.i686.rpm
unbound-debuginfo-1.7.3-11.el8_2.x86_64.rpm
unbound-debugsource-1.7.3-11.el8_2.i686.rpm
unbound-debugsource-1.7.3-11.el8_2.x86_64.rpm
unbound-devel-1.7.3-11.el8_2.i686.rpm
unbound-devel-1.7.3-11.el8_2.x86_64.rpm
unbound-libs-1.7.3-11.el8_2.i686.rpm
unbound-libs-1.7.3-11.el8_2.x86_64.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.i686.rpm
unbound-libs-debuginfo-1.7.3-11.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: unbound security update
Advisory ID:       RHSA-2020:2418-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2418
Issue date:        2020-06-08
CVE Names:         CVE-2020-12662 CVE-2020-12663
=====================================================================

1. Summary:

An update for unbound is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.

Security Fix(es):

* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)

* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
unbound-1.7.3-9.el8_0.src.rpm

aarch64:
python3-unbound-1.7.3-9.el8_0.aarch64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.aarch64.rpm
unbound-1.7.3-9.el8_0.aarch64.rpm
unbound-debuginfo-1.7.3-9.el8_0.aarch64.rpm
unbound-debugsource-1.7.3-9.el8_0.aarch64.rpm
unbound-devel-1.7.3-9.el8_0.aarch64.rpm
unbound-libs-1.7.3-9.el8_0.aarch64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.aarch64.rpm

ppc64le:
python3-unbound-1.7.3-9.el8_0.ppc64le.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.ppc64le.rpm
unbound-1.7.3-9.el8_0.ppc64le.rpm
unbound-debuginfo-1.7.3-9.el8_0.ppc64le.rpm
unbound-debugsource-1.7.3-9.el8_0.ppc64le.rpm
unbound-devel-1.7.3-9.el8_0.ppc64le.rpm
unbound-libs-1.7.3-9.el8_0.ppc64le.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.ppc64le.rpm

s390x:
python3-unbound-1.7.3-9.el8_0.s390x.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.s390x.rpm
unbound-1.7.3-9.el8_0.s390x.rpm
unbound-debuginfo-1.7.3-9.el8_0.s390x.rpm
unbound-debugsource-1.7.3-9.el8_0.s390x.rpm
unbound-devel-1.7.3-9.el8_0.s390x.rpm
unbound-libs-1.7.3-9.el8_0.s390x.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.s390x.rpm

x86_64:
python3-unbound-1.7.3-9.el8_0.x86_64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.i686.rpm
python3-unbound-debuginfo-1.7.3-9.el8_0.x86_64.rpm
unbound-1.7.3-9.el8_0.x86_64.rpm
unbound-debuginfo-1.7.3-9.el8_0.i686.rpm
unbound-debuginfo-1.7.3-9.el8_0.x86_64.rpm
unbound-debugsource-1.7.3-9.el8_0.i686.rpm
unbound-debugsource-1.7.3-9.el8_0.x86_64.rpm
unbound-devel-1.7.3-9.el8_0.i686.rpm
unbound-devel-1.7.3-9.el8_0.x86_64.rpm
unbound-libs-1.7.3-9.el8_0.i686.rpm
unbound-libs-1.7.3-9.el8_0.x86_64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.i686.rpm
unbound-libs-debuginfo-1.7.3-9.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: unbound security update
Advisory ID:       RHSA-2020:2419-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2419
Issue date:        2020-06-08
CVE Names:         CVE-2020-12662 CVE-2020-12663
=====================================================================

1. Summary:

An update for unbound is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.

Security Fix(es):

* unbound: amplification of an incoming query into a large number of
queries directed to a target (CVE-2020-12662)

* unbound: infinite loop via malformed DNS answers received from upstream
servers (CVE-2020-12663)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1837597 - CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target
1837604 - CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
unbound-1.7.3-9.el8_1.src.rpm

aarch64:
python3-unbound-1.7.3-9.el8_1.aarch64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.aarch64.rpm
unbound-1.7.3-9.el8_1.aarch64.rpm
unbound-debuginfo-1.7.3-9.el8_1.aarch64.rpm
unbound-debugsource-1.7.3-9.el8_1.aarch64.rpm
unbound-devel-1.7.3-9.el8_1.aarch64.rpm
unbound-libs-1.7.3-9.el8_1.aarch64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.aarch64.rpm

ppc64le:
python3-unbound-1.7.3-9.el8_1.ppc64le.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.ppc64le.rpm
unbound-1.7.3-9.el8_1.ppc64le.rpm
unbound-debuginfo-1.7.3-9.el8_1.ppc64le.rpm
unbound-debugsource-1.7.3-9.el8_1.ppc64le.rpm
unbound-devel-1.7.3-9.el8_1.ppc64le.rpm
unbound-libs-1.7.3-9.el8_1.ppc64le.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.ppc64le.rpm

s390x:
python3-unbound-1.7.3-9.el8_1.s390x.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.s390x.rpm
unbound-1.7.3-9.el8_1.s390x.rpm
unbound-debuginfo-1.7.3-9.el8_1.s390x.rpm
unbound-debugsource-1.7.3-9.el8_1.s390x.rpm
unbound-devel-1.7.3-9.el8_1.s390x.rpm
unbound-libs-1.7.3-9.el8_1.s390x.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.s390x.rpm

x86_64:
python3-unbound-1.7.3-9.el8_1.x86_64.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.i686.rpm
python3-unbound-debuginfo-1.7.3-9.el8_1.x86_64.rpm
unbound-1.7.3-9.el8_1.x86_64.rpm
unbound-debuginfo-1.7.3-9.el8_1.i686.rpm
unbound-debuginfo-1.7.3-9.el8_1.x86_64.rpm
unbound-debugsource-1.7.3-9.el8_1.i686.rpm
unbound-debugsource-1.7.3-9.el8_1.x86_64.rpm
unbound-devel-1.7.3-9.el8_1.i686.rpm
unbound-devel-1.7.3-9.el8_1.x86_64.rpm
unbound-libs-1.7.3-9.el8_1.i686.rpm
unbound-libs-1.7.3-9.el8_1.x86_64.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.i686.rpm
unbound-libs-debuginfo-1.7.3-9.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12662
https://access.redhat.com/security/cve/CVE-2020-12663
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
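
The four advisories above fix the same two CVEs with a different package build per release stream, so a patch check has to compare an installed build against the fixed build for the stream the host follows. The following is an added example, not part of the AusCERT bulletin or the Red Hat advisories: it compares `rpm -q` output against the fixed builds listed above using RPM's segment ordering. The stream labels, host names and pre-fix build numbers are assumptions made up for illustration, and epochs are assumed absent.

```python
import re

# Fixed builds copied from the package lists in the four advisories above.
# The stream labels (dictionary keys) are hypothetical names for this example.
FIXED = {
    "rhel7":       ("RHSA-2020:2414", "1.6.6", "4.el7_8"),
    "rhel8":       ("RHSA-2020:2416", "1.7.3", "11.el8_2"),
    "rhel8.0-e4s": ("RHSA-2020:2418", "1.7.3", "9.el8_0"),
    "rhel8.1-eus": ("RHSA-2020:2419", "1.7.3", "9.el8_1"),
}
# Binary packages the advisories list for unbound (debug packages omitted).
PACKAGES = {"unbound", "unbound-libs", "unbound-devel",
            "unbound-python", "python3-unbound"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    Digit runs compare as integers, letter runs as strings, a digit run
    beats a letter run, and separators are ignored. Tilde and caret
    ordering are not handled; no build in these advisories uses them.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' as printed by `rpm -q`."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def check(stream, pkg):
    """Return (status, advisory) for one installed package on one stream."""
    advisory, fixed_ver, fixed_rel = FIXED[stream]
    name, version, release, _arch = parse_nvra(pkg)
    if name not in PACKAGES:
        return "not-applicable", advisory
    order = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return ("patched" if order >= 0 else "needs-update"), advisory


# Constructed inventory: (host, stream, line from `rpm -q`).
INVENTORY = [
    ("dns-a", "rhel7", "unbound-1.6.6-3.el7.x86_64"),
    ("dns-b", "rhel7", "unbound-1.6.6-4.el7_8.x86_64"),
    ("dns-c", "rhel8", "unbound-libs-1.7.3-9.el8_0.x86_64"),
    ("dns-d", "rhel8.0-e4s", "unbound-libs-1.7.3-9.el8_0.x86_64"),
    ("dns-e", "rhel8.1-eus", "python3-unbound-1.7.3-8.el8.x86_64"),
]


def audit(inventory):
    """Map each host to its (status, advisory) result."""
    return {host: check(stream, pkg) for host, stream, pkg in inventory}


if __name__ == "__main__":
    for host, (status, advisory) in audit(INVENTORY).items():
        print(f"{host:8} {status:13} {advisory}")
```

Hosts dns-c and dns-d carry the same build but get different results, because 1.7.3-9.el8_0 is the fixed build only for the 8.0 E4S stream; a plain string comparison would also misorder releases 9 and 11.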