{"id":"SUSE-SU-2024:1923-1","summary":"Security update for unbound","details":"This update for unbound fixes the following issues:\n\nunbound was updated to 1.20.0:\n\n* A lot of bugfixes and added features.\n  For a complete list take a look at the changelog located at:\n  /usr/share/doc/packages/unbound/Changelog or\n  https://www.nlnetlabs.nl/projects/unbound/download/\n\nSome Noteworthy Changes:\n\n* Removed DLV. The DLV has been decommissioned since unbound\n  1.5.4 and has been advised to stop using it since. The use of\n  dlv options displays a warning.\n* Remove EDNS lame procedure, do not re-query without EDNS after\n  timeout.\n* Add DNS over HTTPS\n* libunbound has been upgraded to major version 8\n\nSecurity Fixes:\n* CVE-2023-50387: DNSSEC verification complexity can be\n  exploited to exhaust CPU resources and stall DNS resolvers.  [bsc#1219823]\n* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.\n  [bsc#1219826]\n* CVE-2022-30698: Novel 'ghost domain names' attack by\n  introducing subdomain delegations.  [bsc#1202033]\n* CVE-2022-30699: Novel 'ghost domain names' attack by\n  updating almost expired delegation information.  [bsc#1202031]\n* CVE-2022-3204: NRDelegation attack leads to uncontrolled\n  resource consumption (Non-Responsive Delegation Attack).  
[bsc#1203643]\n\nPackaging Changes:\n\n* Use prefixes instead of sudo in unbound.service\n* Remove no longer necessary BuildRequires: libfstrm-devel and\n  libprotobuf-c-devel\n","modified":"2026-02-04T04:03:28.489965Z","published":"2024-06-04T11:50:47Z","related":["CVE-2022-30698","CVE-2022-30699","CVE-2022-3204","CVE-2023-50387","CVE-2023-50868"],"upstream":["CVE-2022-30698","CVE-2022-30699","CVE-2022-3204","CVE-2023-50387","CVE-2023-50868"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241923-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202031"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202033"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203643"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219823"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219826"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30698"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30699"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-50387"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-50868"}],"affected":[{"package":{"name":"unbound","ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP6","purl":"pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.0-150600.23.3.1"}]}],"ecosystem_specific":{"binaries":[{"unbound-anchor":"1.20.0-150600.23.3.1","libunbound8":"1.20.0-150600.23.3.1","unbound-devel":"1.20.0-150600.23.3.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1923-1.json"}},{"package":{"name":"unbound","ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 
SP6","purl":"pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.0-150600.23.3.1"}]}],"ecosystem_specific":{"binaries":[{"unbound-python":"1.20.0-150600.23.3.1","unbound":"1.20.0-150600.23.3.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1923-1.json"}},{"package":{"name":"unbound","ecosystem":"openSUSE:Leap 15.6","purl":"pkg:rpm/opensuse/unbound&distro=openSUSE%20Leap%2015.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.0-150600.23.3.1"}]}],"ecosystem_specific":{"binaries":[{"unbound-anchor":"1.20.0-150600.23.3.1","unbound-python":"1.20.0-150600.23.3.1","unbound":"1.20.0-150600.23.3.1","libunbound8":"1.20.0-150600.23.3.1","unbound-devel":"1.20.0-150600.23.3.1","unbound-munin":"1.20.0-150600.23.3.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1923-1.json"}}],"schema_version":"1.7.3"}