{"affected":[{"ecosystem_specific":{"binaries":[{"libunbound8":"1.20.0-150100.10.13.1","unbound-anchor":"1.20.0-150100.10.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"unbound","purl":"pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.20.0-150100.10.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for unbound fixes the following issues:\n\nunbound was updated to 1.20.0:\n\n* A lot of bugfixes and added features.\n  For a complete list take a look at the changelog located at:\n  /usr/share/doc/packages/unbound/Changelog or\n  https://www.nlnetlabs.nl/projects/unbound/download/\n\nSome Noteworthy Changes:\n\n* Removed DLV. The DLV has been decommisioned since unbound\n  1.5.4 and has been advised to stop using it since. The use of\n  dlv options displays a warning.\n* Remove EDNS lame procedure, do not re-query without EDNS after\n  timeout.\n* Add DNS over HTTPS\n* libunbound has been upgraded to major version 8\n\nSecurity Fixes:\n* CVE-2023-50387: DNSSEC verification complexity can be\n  exploited to exhaust CPU resources and stall DNS resolvers.  [bsc#1219823]\n* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.\n  [bsc#1219826]\n* CVE-2022-30698: Novel 'ghost domain names' attack by\n  introducing subdomain delegations.  [bsc#1202033]\n* CVE-2022-30699: Novel 'ghost domain names' attack by\n  updating almost expired delegation information.  [bsc#1202031]\n* CVE-2022-3204: NRDelegation attack leads to uncontrolled\n  resource consumption (Non-Responsive Delegation Attack).  [bsc#1203643]\n\nPackaging Changes:\n\n* Use prefixes instead of sudo in unbound.service\n* Remove no longer necessary BuildRequires: libfstrm-devel and\n  libprotobuf-c-devel\n","id":"SUSE-SU-2024:1991-2","modified":"2024-06-11T11:51:51Z","published":"2024-06-11T11:51:51Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241991-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202031"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202033"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203643"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219823"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219826"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30698"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-30699"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-50387"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-50868"}],"related":["CVE-2022-30698","CVE-2022-30699","CVE-2022-3204","CVE-2023-50387","CVE-2023-50868"],"summary":"Security update for unbound","upstream":["CVE-2022-30698","CVE-2022-30699","CVE-2022-3204","CVE-2023-50387","CVE-2023-50868"]}