{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20193282", "Version": "oval:org.altlinux.errata:def:20193282", "Class": "patch", "Metadata": { "Title": "ALT-PU-2019-3282: package `unbound` update to version 1.9.6-alt1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2019-3282", "RefURL": "https://errata.altlinux.org/ALT-PU-2019-3282", "Source": "ALTPU" }, { "RefID": "BDU:2021-05799", "RefURL": "https://bdu.fstec.ru/vul/2021-05799", "Source": "BDU" }, { "RefID": "BDU:2021-05838", "RefURL": "https://bdu.fstec.ru/vul/2021-05838", "Source": "BDU" }, { "RefID": "BDU:2021-05865", "RefURL": "https://bdu.fstec.ru/vul/2021-05865", "Source": "BDU" }, { "RefID": "BDU:2021-05875", "RefURL": "https://bdu.fstec.ru/vul/2021-05875", "Source": "BDU" }, { "RefID": "BDU:2021-05909", "RefURL": "https://bdu.fstec.ru/vul/2021-05909", "Source": "BDU" }, { "RefID": "BDU:2021-06226", "RefURL": "https://bdu.fstec.ru/vul/2021-06226", "Source": "BDU" }, { "RefID": "BDU:2021-06245", "RefURL": "https://bdu.fstec.ru/vul/2021-06245", "Source": "BDU" }, { "RefID": "BDU:2021-06246", "RefURL": "https://bdu.fstec.ru/vul/2021-06246", "Source": "BDU" }, { "RefID": "BDU:2021-06248", "RefURL": "https://bdu.fstec.ru/vul/2021-06248", "Source": "BDU" }, { "RefID": "BDU:2022-06879", "RefURL": "https://bdu.fstec.ru/vul/2022-06879", "Source": "BDU" }, { "RefID": "BDU:2022-06882", "RefURL": "https://bdu.fstec.ru/vul/2022-06882", "Source": "BDU" }, { "RefID": "BDU:2022-06885", "RefURL": "https://bdu.fstec.ru/vul/2022-06885", "Source": "BDU" }, { "RefID": "BDU:2022-06886", "RefURL": "https://bdu.fstec.ru/vul/2022-06886", "Source": "BDU" }, { "RefID": "CVE-2019-18934", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-18934", "Source": "CVE" }, { "RefID": "CVE-2019-25031", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25031", "Source": "CVE" }, { "RefID": "CVE-2019-25032", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25032", "Source": "CVE" }, { "RefID": "CVE-2019-25033", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25033", "Source": "CVE" }, { "RefID": "CVE-2019-25034", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25034", "Source": "CVE" }, { "RefID": "CVE-2019-25035", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25035", "Source": "CVE" }, { "RefID": "CVE-2019-25036", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25036", "Source": "CVE" }, { "RefID": "CVE-2019-25037", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25037", "Source": "CVE" }, { "RefID": "CVE-2019-25038", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25038", "Source": "CVE" }, { "RefID": "CVE-2019-25039", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25039", "Source": "CVE" }, { "RefID": "CVE-2019-25040", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25040", "Source": "CVE" }, { "RefID": "CVE-2019-25041", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25041", "Source": "CVE" }, { "RefID": "CVE-2019-25042", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25042", "Source": "CVE" } ], "Description": "This update upgrades unbound to version 1.9.6-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05799: Уязвимость функции sldns_str2wire_dname_buf_origin DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-05838: Уязвимость функции rdata_copy DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-05865: Уязвимость макроса ALIGN_UP DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-05875: Уязвимость функции dname_pkt_copy DNS-сервера Unbound, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05909: Уязвимость функции ub_packed_rrset_key DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-06226: Уязвимость функции synth_cname() DNS-сервера Unbound, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-06245: Уязвимость функции dnsc_load_local_data DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-06246: Уязвимость функции dname_pkt_copy DNS-сервера Unbound, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-06248: Уязвимость функции dname_pkt_copy DNS-сервера Unbound, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06879: Уязвимость модуля ipsec DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-06882: Уязвимость компонента create_unbound_ad_servers.sh DNS-сервера Unbound, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2022-06885: Уязвимость функции sldns_bget_token_par DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-06886: Уязвимость функции regional_alloc компонента util/regional.c DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2019-18934: Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.\n\n * CVE-2019-25031: Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation\n\n * CVE-2019-25032: Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25033: Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25034: Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25035: Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25036: Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25037: Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25038: Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25039: Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25040: Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25041: Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25042: Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited", "Advisory": { "From": "errata.altlinux.org", "Severity": "Critical", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2019-12-13" }, "Updated": { "Date": "2019-12-13" }, "BDUs": [ { "ID": "BDU:2021-05799", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2021-05799", "Impact": "Critical", "Public": "20191211" }, { "ID": "BDU:2021-05838", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://bdu.fstec.ru/vul/2021-05838", "Impact": "Critical", "Public": "20191211" }, { "ID": "BDU:2021-05865", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2021-05865", "Impact": "Critical", "Public": "20191211" }, { "ID": "BDU:2021-05875", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-617", "Href": "https://bdu.fstec.ru/vul/2021-05875", "Impact": "High", "Public": "20191211" }, { "ID": "BDU:2021-05909", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2021-05909", "Impact": "Critical", "Public": "20191211" }, { "ID": "BDU:2021-06226", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-617", "Href": "https://bdu.fstec.ru/vul/2021-06226", "Impact": "High", "Public": "20191211" }, { "ID": "BDU:2021-06245", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2021-06245", "Impact": "Critical", "Public": "20191211" }, { "ID": "BDU:2021-06246", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-617", "Href": "https://bdu.fstec.ru/vul/2021-06246", "Impact": "High", "Public": "20191211" }, { "ID": "BDU:2021-06248", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-835", "Href": "https://bdu.fstec.ru/vul/2021-06248", "Impact": "High", "Public": "20191211" }, { "ID": "BDU:2022-06879", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "CWE": "CWE-78", "Href": "https://bdu.fstec.ru/vul/2022-06879", "Impact": "High", "Public": "20191119" }, { "ID": "BDU:2022-06882", "CVSS": "AV:N/AC:M/Au:N/C:N/I:C/A:N", "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "CWE": "CWE-74", "Href": "https://bdu.fstec.ru/vul/2022-06882", "Impact": "Low", "Public": "20190911" }, { "ID": "BDU:2022-06885", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://bdu.fstec.ru/vul/2022-06885", "Impact": "Critical", "Public": "20190911" }, { "ID": "BDU:2022-06886", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2022-06886", "Impact": "Critical", "Public": "20190911" } ], "CVEs": [ { "ID": "CVE-2019-18934", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "CWE": "CWE-78", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-18934", "Impact": "High", "Public": "20191119" }, { "ID": "CVE-2019-25031", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "CWE": "CWE-74", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25031", "Impact": "Low", "Public": "20210427" }, { "ID": "CVE-2019-25032", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25032", "Impact": "Critical", "Public": "20210427" }, { "ID": "CVE-2019-25033", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25033", "Impact": "Critical", "Public": "20210427" }, { "ID": "CVE-2019-25034", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25034", "Impact": "Critical", "Public": "20210427" }, { "ID": "CVE-2019-25035", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25035", "Impact": "Critical", "Public": "20210427" }, { "ID": "CVE-2019-25036", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-617", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25036", "Impact": "High", "Public": "20210427" }, { "ID": "CVE-2019-25037", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-617", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25037", "Impact": "High", "Public": "20210427" }, { "ID": "CVE-2019-25038", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25038", "Impact": "Critical", "Public": "20210427" }, { "ID": "CVE-2019-25039", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25039", "Impact": "Critical", "Public": "20210427" }, { "ID": "CVE-2019-25040", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-835", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25040", "Impact": "High", "Public": "20210427" }, { "ID": "CVE-2019-25041", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-617", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25041", "Impact": "High", "Public": "20210427" }, { "ID": "CVE-2019-25042", "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25042", "Impact": "Critical", "Public": "20210427" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20193282001", "Comment": "libunbound is earlier than 0:1.9.6-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20193282002", "Comment": "libunbound-devel is earlier than 0:1.9.6-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20193282003", "Comment": "libunbound-devel-static is earlier than 0:1.9.6-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20193282004", "Comment": "python-module-unbound is earlier than 0:1.9.6-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20193282005", "Comment": "unbound is earlier than 0:1.9.6-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20193282006", "Comment": "unbound-control is earlier than 0:1.9.6-alt1" } ] } ] } } ] }