1. Ubuntu Security Notices
  2. USN-6665-1

USN-6665-1: Unbound vulnerabilities

Publication date

28 February 2024

Overview

Several security issues were fixed in Unbound.

Releases

Packages

  • unbound - validating, recursive, caching DNS resolver

Details

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Unbound incorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Unbound to consume
resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Unbound incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Unbound to consume resources, leading to a denial of service.
(CVE-2023-50868)

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Unbound incorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Unbound to consume
resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Unbound incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Unbound to consume resources, leading to a denial of service.
(CVE-2023-50868)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
23.10 mantic libunbound8 –  1.17.1-2ubuntu0.1
unbound –  1.17.1-2ubuntu0.1
22.04 jammy libunbound8 –  1.13.1-1ubuntu5.4
unbound –  1.13.1-1ubuntu5.4
20.04 focal libunbound8 –  1.9.4-2ubuntu1.5
unbound –  1.9.4-2ubuntu1.5

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›