unbound 1.6.7-1ubuntu2.5 source package in Ubuntu
Changelog
unbound (1.6.7-1ubuntu2.5) bionic-security; urgency=medium
* SECURITY UPDATE: Ghost domain names issues
- debian/patches/CVE-2022-3069x-pre1.patch: fix that cachedb could
return a partial CNAME chain in cachedb/cachedb.c,
iterator/iterator.c, services/cache/dns.c, services/cache/dns.h.
- debian/patches/CVE-2022-3069x-pre2.patch: backport a version of the
iter_stub_fwd_no_cache function in iterator/iter_utils.c,
iterator/iter_utils.h.
- debian/patches/CVE-2022-3069x-pre3.patch: fix that nxdomain synthesis
does not happen above the stub or forward definition in
cachedb/cachedb.c, iterator/iter_utils.c, iterator/iter_utils.h,
iterator/iterator.c, services/cache/dns.c, services/cache/dns.h.
- debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i,
pythonmod/pythonmod_utils.c, services/cache/dns.c,
services/cache/dns.h, services/mesh.c,
testdata/iter_prefetch_change.rpl, util/module.h,
validator/validator.c.
- CVE-2022-30698
- CVE-2022-30699
-- Marc Deslauriers <email address hidden> Thu, 04 Aug 2022 07:56:04 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| unbound_1.6.7.orig.tar.gz | 5.2 MiB | 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f |
| unbound_1.6.7-1ubuntu2.5.debian.tar.xz | 43.6 KiB | 48b935fcbfc5b43224bacfd0d18a3d2daf2688d86b2df2f74f1789192d2654f5 |
| unbound_1.6.7-1ubuntu2.5.dsc | 3.1 KiB | 99672e6b9c48215e354fbbdd36023baf195f29bcef98ea2142f498e0eea966d9 |
Available diffs
Binary packages built by this source
- libunbound-dev: static library, header files, and docs for libunbound
Static library, header files, and documentation for libunbound.
.
libunbound performs and validates DNS lookups; it can be used to convert
hostnames to IP addresses and back and obtain other information from the
DNS. Cryptographic validation of results is performed with DNSSEC.
- libunbound2: library implementing DNS resolution and validation
libunbound performs and validates DNS lookups; it can be used to convert
hostnames to IP addresses and back and obtain other information from the
DNS. Cryptographic validation of results is performed with DNSSEC.
- libunbound2-dbgsym: debug symbols for libunbound2
- python-unbound: library implementing DNS resolution and validation (Python bindings)
Python extension module for libunbound.
.
libunbound performs and validates DNS lookups; it can be used to convert
hostnames to IP addresses and back and obtain other information from the
DNS. Cryptographic validation of results is performed with DNSSEC.
- python-unbound-dbgsym: debug symbols for python-unbound
- python3-unbound: library implementing DNS resolution and validation (Python3 bindings)
Python3 extension module for libunbound.
.
libunbound performs and validates DNS lookups; it can be used to convert
hostnames to IP addresses and back and obtain other information from the
DNS. Cryptographic validation of results is performed with DNSSEC.
- python3-unbound-dbgsym: debug symbols for python3-unbound
- unbound: validating, recursive, caching DNS resolver
Unbound is a recursive-only caching DNS server which can perform DNSSEC
validation of results. It implements only a minimal amount of authoritative
service to prevent leakage to the root nameservers: forward lookups for
localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN for zones served by
AS112. Stub and forward zones are supported.
.
This package contains the unbound daemon.
- unbound-anchor: utility to securely fetch the root DNS trust anchor
unbound-anchor is a utility which securely fetches or updates the root DNS
zone trust anchor. A copy of the current root anchor and root update
certificate is embedded in unbound-anchor. RFC 5011 trust anchor tracking is
performed, with fallback to an SSL fetch if this fails.
- unbound-anchor-dbgsym: debug symbols for unbound-anchor
- unbound-dbgsym: debug symbols for unbound
- unbound-host: reimplementation of the 'host' command
This package provides the 'unbound-host' program that is bundled with the
Unbound domain name server. This version differs from the one provided in the
package called host, which is from NIKHEF, and bind9-host, which is from ISC,
and has a similar but different set of features and options.
- unbound-host-dbgsym: debug symbols for unbound-host
