[ASA-201910-6] unbound: denial of service
santiago at archlinux.org
Fri Oct 11 21:08:13 UTC 2019
Arch Linux Security Advisory ASA-201910-6
Date : 2019-10-11
CVE-ID : CVE-2019-16866
Package : unbound
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-1042
The package unbound before version 1.9.4-1 is vulnerable to denial of
Upgrade to 1.9.4-1.
# pacman -Syu "unbound>=1.9.4-1"
The problem has been fixed upstream in version 1.9.4.
Due to an error in parsing NOTIFY queries, it is possible for Unbound
from 1.7.1 up to and including 1.9.3 to continue processing malformed
queries and may ultimately result in a pointer dereference in
uninitialized memory. This results in a crash of the Unbound daemon.
A remote attacker might be able to crash the Unbound server via crafted
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security