unbound 1.9.4-2ubuntu1.2 source package in Ubuntu

Changelog

unbound (1.9.4-2ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: configuration injection via MITM
    - debian/patches/CVE-2019-25031.patch: use https, remove special
      characters in contrib/create_unbound_ad_servers.sh.
    - CVE-2019-25031
  * SECURITY UPDATE: integer overflows in the regional allocator
    - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in,
      configure, configure.ac, util/regional.c.
    - CVE-2019-25032
    - CVE-2019-25033
  * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin
    - debian/patches/CVE-2019-25034.patch: check lengths in
      sldns/str2wire.c.
    - CVE-2019-25034
  * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par
    - debian/patches/CVE-2019-25035.patch: check for space in
      sldns/parse.c.
    - CVE-2019-25035
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25036.patch: validate lengths in
      iterator/iter_scrub.c.
    - CVE-2019-25036
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25037.patch: validate length in
      util/data/dname.c.
    - CVE-2019-25037
  * SECURITY UPDATE: integer overflow in a size calculation
    - debian/patches/CVE-2019-25038.patch: check for overflows in
      dnscrypt/dnscrypt.c, respip/respip.c.
    - CVE-2019-25038
    - CVE-2019-25039
  * SECURITY UPDATE: infinite loop and assertion fail via compressed name
    - debian/patches/CVE-2019-25040.patch: validate compression pointers in
      util/data/dname.c.
    - CVE-2019-25040
    - CVE-2019-25041
  * SECURITY UPDATE: out-of-bounds write via a compressed name
    - debian/patches/CVE-2019-25042.patch: move assert in
      util/data/msgreply.c.
    - CVE-2019-25042
  * SECURITY UPDATE: incorrect PID file handling
    - debian/patches/CVE-2020-28935.patch: check for symlinks in
      daemon/unbound.c.
    - CVE-2020-28935
  * debian/patches: rename debian-changes to fix-nettle-build.patch.

 -- Marc Deslauriers <email address hidden>  Wed, 05 May 2021 07:22:34 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
unbound_1.9.4.orig.tar.gz 5.4 MiB 3d3e25fb224025f0e732c7970e5676f53fd1764c16d6a01be073a13e42954bb0
unbound_1.9.4-2ubuntu1.2.debian.tar.xz 31.1 KiB c35f170290bcaa27da202ed35e6d601cfa14eff9510fc96eaf039baa92bc7af9
unbound_1.9.4-2ubuntu1.2.dsc 3.0 KiB 6723618f80a58acee6a94c96d6d2b15db3f24b20f590580309e4ed487571dcdc

View changes file

Binary packages built by this source

libunbound-dev: static library, header files, and docs for libunbound

 Static library, header files, and documentation for libunbound.
 .
 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

libunbound8: library implementing DNS resolution and validation

 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

libunbound8-dbgsym: debug symbols for libunbound8
python-unbound: library implementing DNS resolution and validation (Python bindings)

 Python extension module for libunbound.
 .
 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

python-unbound-dbgsym: debug symbols for python-unbound
python3-unbound: library implementing DNS resolution and validation (Python3 bindings)

 Python3 extension module for libunbound.
 .
 libunbound performs and validates DNS lookups; it can be used to convert
 hostnames to IP addresses and back and obtain other information from the
 DNS. Cryptographic validation of results is performed with DNSSEC.

python3-unbound-dbgsym: debug symbols for python3-unbound
unbound: validating, recursive, caching DNS resolver

 Unbound is a recursive-only caching DNS server which can perform DNSSEC
 validation of results. It implements only a minimal amount of authoritative
 service to prevent leakage to the root nameservers: forward lookups for
 localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN for zones served by
 AS112. Stub and forward zones are supported.
 .
 This package contains the unbound daemon.

unbound-anchor: utility to securely fetch the root DNS trust anchor

 unbound-anchor is a utility which securely fetches or updates the root DNS
 zone trust anchor. A copy of the current root anchor and root update
 certificate is embedded in unbound-anchor. RFC 5011 trust anchor tracking is
 performed, with fallback to an SSL fetch if this fails.

unbound-anchor-dbgsym: debug symbols for unbound-anchor
unbound-dbgsym: debug symbols for unbound
unbound-host: reimplementation of the 'host' command

 This package provides the 'unbound-host' program that is bundled with the
 Unbound domain name server. This version differs from the one provided in the
 package called host, which is from NIKHEF, and bind9-host, which is from ISC,
 and has a similar but different set of features and options.

unbound-host-dbgsym: debug symbols for unbound-host