144 lines
10 KiB
XML
144 lines
10 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
|
<DocumentTitle xml:lang="en">An update for unbound is now available for openEuler-20.03-LTS</DocumentTitle>
|
|
<DocumentType>Security Advisory</DocumentType>
|
|
<DocumentPublisher Type="Vendor">
|
|
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
|
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
|
</DocumentPublisher>
|
|
<DocumentTracking>
|
|
<Identification>
|
|
<ID>openEuler-SA-2021-1054</ID>
|
|
</Identification>
|
|
<Status>Final</Status>
|
|
<Version>1.0</Version>
|
|
<RevisionHistory>
|
|
<Revision>
|
|
<Number>1.0</Number>
|
|
<Date>2021-03-05</Date>
|
|
<Description>Initial</Description>
|
|
</Revision>
|
|
</RevisionHistory>
|
|
<InitialReleaseDate>2021-03-05</InitialReleaseDate>
|
|
<CurrentReleaseDate>2021-03-05</CurrentReleaseDate>
|
|
<Generator>
|
|
<Engine>openEuler SA Tool V1.0</Engine>
|
|
<Date>2021-03-05</Date>
|
|
</Generator>
|
|
</DocumentTracking>
|
|
<DocumentNotes>
|
|
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">unbound security update</Note>
|
|
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for unbound is now available for openEuler-20.03-LTS.</Note>
|
|
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most platforms such as FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows. Unbound is a totally free, open source software under the BSD license. It doesn't make custom builds or provide specific features to paying customers only.
|
|
|
|
Security Fix(es):
|
|
|
|
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)
|
|
|
|
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.(CVE-2019-18934)</Note>
|
|
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for unbound is now available for openEuler-20.03-LTS.
|
|
|
|
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
|
|
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
|
|
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">unbound</Note>
|
|
</DocumentNotes>
|
|
<DocumentReferences>
|
|
<Reference Type="Self">
|
|
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1054</URL>
|
|
</Reference>
|
|
<Reference Type="openEuler CVE">
|
|
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-28935</URL>
|
|
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-18934</URL>
|
|
</Reference>
|
|
<Reference Type="Other">
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-28935</URL>
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2019-18934</URL>
|
|
</Reference>
|
|
</DocumentReferences>
|
|
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
|
|
<Branch Type="Product Name" Name="openEuler">
|
|
<FullProductName ProductID="openEuler-20.03-LTS" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">openEuler-20.03-LTS</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="aarch64">
|
|
<FullProductName ProductID="unbound-libs-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-libs-1.11.0-2.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-devel-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-devel-1.11.0-2.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-help-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-help-1.11.0-2.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="python3-unbound-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">python3-unbound-1.11.0-2.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-debugsource-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-debugsource-1.11.0-2.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-debuginfo-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-debuginfo-1.11.0-2.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-1.11.0-2.oe1.aarch64.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="src">
|
|
<FullProductName ProductID="unbound-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-1.11.0-2.oe1.src.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="x86_64">
|
|
<FullProductName ProductID="python3-unbound-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">python3-unbound-1.11.0-2.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-debuginfo-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-debuginfo-1.11.0-2.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-debugsource-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-debugsource-1.11.0-2.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-help-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-help-1.11.0-2.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-devel-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-devel-1.11.0-2.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-1.11.0-2.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="unbound-libs-1.11.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">unbound-libs-1.11.0-2.oe1.x86_64.rpm</FullProductName>
|
|
</Branch>
|
|
</ProductTree>
|
|
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2021-03-05</ReleaseDate>
|
|
<CVE>CVE-2020-28935</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>Medium</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>5.5</BaseScore>
|
|
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>unbound security update</Description>
|
|
<DATE>2021-03-05</DATE>
|
|
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1054</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2021-03-05</ReleaseDate>
|
|
<CVE>CVE-2019-18934</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>7.3</BaseScore>
|
|
<Vector>AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>unbound security update</Description>
|
|
<DATE>2021-03-05</DATE>
|
|
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1054</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
</cvrfdoc> |