FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

unbound -- mutliple vulnerabilities

Affected packages
		unbound	<	1.10.1
12.1	<=	FreeBSD	<	12.1_7
11.4	<=	FreeBSD	<	11.4_1
11.3	<=	FreeBSD	<	11.3_11

Details

VuXML ID	a2cb7c31-9c79-11ea-a9c2-d05099c0ae8c
Discovery	2020-05-19
Entry	2020-05-22
Modified	2020-07-10

NLNetLabs reports:

This release fixes CVE-2020-12662 and CVE-2020-12663.

Bug Fixes:

CVE-2020-12662 Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target.

CVE-2020-12663 Malformed answers from upstream name servers can be used to make Unbound unresponsive.

[source]

References

CVE Name	CVE-2020-12662
CVE Name	CVE-2020-12663
FreeBSD Advisory	SA-20:19.unbound
URL	https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-May/006833.html