SUSE-SU-2022:0176-1 -- SLES unbound, libunbound2ID: oval:org.secpod.oval:def:89045925 | Date: (C)2022-02-17 (M)2024-05-16 |
Class: PATCH | Family: unix |
This update for unbound fixes the following issues: - CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack . - CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc . - CVE-2019-25033: Fixed integer overflow in the regional allocator via the ALIGN_UP macro . - CVE-2019-25034: Fixed integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write . - CVE-2019-25035: Fixed out-of-bounds write in sldns_bget_token_par . - CVE-2019-25036: Fixed assertion failure and denial of service in synth_cname . - CVE-2019-25037: Fixed assertion failure and denial of service in dname_pkt_copy via an invalid packet . - CVE-2019-25038: Fixed integer overflow in a size calculation in dnscrypt/dnscrypt.c . - CVE-2019-25039: Fixed integer overflow in a size calculation in respip/respip.c . - CVE-2019-25040: Fixed infinite loop via a compressed name in dname_pkt_copy . - CVE-2019-25041: Fixed assertion failure via a compressed name in dname_pkt_copy . - CVE-2019-25042: Fixed out-of-bounds write via a compressed name in rdata_copy . - CVE-2020-28935: Fixed symbolic link traversal when writing PID file .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
unbound |
libunbound2 |