[SUA 125-1] Updated unbound version

To: debian-stable-announce@lists.debian.org
Subject: [SUA 125-1] Updated unbound version
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 09 Sep 2017 21:51:07 +0100
Message-id: <[🔎] 1504990267.22467.75.camel@adam-barratt.org.uk>
Mail-followup-to: debian-release@lists.debian.org
Reply-to: debian-release@lists.debian.org

-----------------------------------------------------------------------
Debian Stable Updates Announcement SUA 125-1      http://www.debian.org
debian-release@lists.debian.org                          Robert Edmonds
September 9th, 2017
-----------------------------------------------------------------------

Package              : unbound
Version              : 1.6.0-3+deb9u1 [stretch]
                       1.4.22-3+deb8u3 [jessie]
Importance           : medium

The keys used to authenticate the root DNS zone for DNSSEC are in the
process of being updated.  Currently two such keys are in use, but from
October 11th only the newer key will be in use.

Further information regarding the key change process can be found at
https://www.icann.org/resources/pages/ksk-rollover

unbound is a DNS resolver which can use DNSSEC in order to validate
the integrity of responses to DNS queries. This update fixes an issue
which meant that new installs of unbound performed between September
11th and October 11th would not be able to validate the root zones.

The update also forces an upgrade of the dns-root-data package to the
version included in SUA-123-1, ensuring that DNSSEC validation of the
root zones will continue to operate as expected after the key rollover.

If you use unbound with DNSSEC validation, we strongly recommend that
you install this update.

Upgrade Instructions
--------------------

You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:

 deb http://ftp.debian.org/debian stretch-updates main
 deb-src http://ftp.debian.org/debian stretch-updates main

 or

 deb http://ftp.debian.org/debian jessie-updates main
 deb-src http://ftp.debian.org/debian jessie-updates main

You can also use any of the Debian archive mirrors.  See
http://www.debian.org/mirrors/list for the full list of mirrors.

For further information about stable-updates, please refer to
http://lists.debian.org/debian-devel-announce/2011/03/msg00010.html

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [SUA 124-1] Updated bind9 version
Next by Date: [SUA 126-1] Updated dnsviz version
Previous by thread: [SUA 124-1] Updated bind9 version
Next by thread: [SUA 126-1] Updated dnsviz version
Index(es):
- Date
- Thread