[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3903-1] unbound security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-3903-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
September 29, 2024                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : unbound
Version        : 1.13.1-1+deb11u3
CVE ID         : CVE-2024-43167 CVE-2024-43168
Debian Bug     : 1078647

Two vulnerabilities were discovered in unbound, a validating,
recursive, caching DNS resolver. Specially crafted input could cause a
heap-buffer-overflow leading to memory corruption and potentially
causing the application to crash or allowing arbitrary code execution
(CVE-2024-43168). A NULL pointer dereference flaw could allow an
attacker who can invoke specific sequences of API calls to cause a
segmentation fault and a denial of service (CVE-2024-43167).

For Debian 11 bullseye, these problems have been fixed in version
1.13.1-1+deb11u3.

We recommend that you upgrade your unbound packages.

For the detailed security status of unbound please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: