unbound 1.6.7-1ubuntu2.4 source package in Ubuntu

Changelog

unbound (1.6.7-1ubuntu2.4) bionic-security; urgency=medium

  * SECURITY UPDATE: configuration injection via MITM
    - debian/patches/CVE-2019-25031.patch: use https, remove special
      characters in contrib/create_unbound_ad_servers.sh.
    - CVE-2019-25031
  * SECURITY UPDATE: integer overflows in the regional allocator
    - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in,
      configure, configure.ac, util/regional.c.
    - CVE-2019-25032
    - CVE-2019-25033
  * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin
    - debian/patches/CVE-2019-25034.patch: check lengths in
      sldns/str2wire.c.
    - CVE-2019-25034
  * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par
    - debian/patches/CVE-2019-25035.patch: check for space in
      sldns/parse.c.
    - CVE-2019-25035
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25036.patch: validate lengths in
      iterator/iter_scrub.c.
    - CVE-2019-25036
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25037.patch: validate length in
      util/data/dname.c.
    - CVE-2019-25037
  * SECURITY UPDATE: integer overflow in a size calculation
    - debian/patches/CVE-2019-25038.patch: check for overflows in
      dnscrypt/dnscrypt.c, respip/respip.c.
    - CVE-2019-25038
    - CVE-2019-25039
  * SECURITY UPDATE: infinite loop and assertion fail via compressed name
    - debian/patches/CVE-2019-25040.patch: validate compression pointers in
      util/data/dname.c.
    - CVE-2019-25040
    - CVE-2019-25041
  * SECURITY UPDATE: out-of-bounds write via a compressed name
    - debian/patches/CVE-2019-25042.patch: move assert in
      util/data/msgreply.c.
    - CVE-2019-25042
  * SECURITY UPDATE: incorrect PID file handling
    - debian/patches/CVE-2020-28935.patch: check for symlinks in
      daemon/unbound.c.
    - CVE-2020-28935
  * debian/patches: rename debian-changes to misc-changes.patch.

 -- Marc Deslauriers <email address hidden>  Wed, 05 May 2021 07:38:50 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
unbound_1.6.7.orig.tar.gz 5.2 MiB 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f
unbound_1.6.7-1ubuntu2.4.debian.tar.xz 36.2 KiB 5dd46ef27718170120b60a972ae70e48dfe1023493e49dd528579cb7bbf0078e
unbound_1.6.7-1ubuntu2.4.dsc 3.1 KiB b08e95674133a36c0d78a7e91c73f926b14e63e991275626d8cd408a5d261487

View changes file

Binary packages built by this source

libunbound-dev: static library, header files, and docs for libunbound

 Static library, header files, and documentation for libunbound.
 .
 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

libunbound2: library implementing DNS resolution and validation

 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

libunbound2-dbgsym: debug symbols for libunbound2
python-unbound: library implementing DNS resolution and validation (Python bindings)

 Python extension module for libunbound.
 .
 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

python-unbound-dbgsym: debug symbols for python-unbound
python3-unbound: library implementing DNS resolution and validation (Python3 bindings)

 Python3 extension module for libunbound.
 .
 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

python3-unbound-dbgsym: debug symbols for python3-unbound
unbound: validating, recursive, caching DNS resolver

 Unbound is a recursive-only caching DNS server which can perform DNSSEC
 validation of results. It implements only a minimal amount of authoritative
 service to prevent leakage to the root nameservers: forward lookups for
 localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN for zones served by
 AS112. Stub and forward zones are supported.
 .
 This package contains the unbound daemon.

unbound-anchor: utility to securely fetch the root DNS trust anchor

 unbound-anchor is a utility which securely fetches or updates the root DNS
 zone trust anchor. A copy of the current root anchor and root update
 certificate is embedded in unbound-anchor. RFC 5011 trust anchor tracking is
 performed, with fallback to an SSL fetch if this fails.

unbound-anchor-dbgsym: debug symbols for unbound-anchor
unbound-dbgsym: debug symbols for unbound
unbound-host: reimplementation of the 'host' command

 This package provides the 'unbound-host' program that is bundled with the
 Unbound domain name server. This version differs from the one provided in the
 package called host, which is from NIKHEF, and bind9-host, which is from ISC,
 and has a similar but different set of features and options.

unbound-host-dbgsym: debug symbols for unbound-host