Update unbound to mitigate CVE-2020-12662
Unbound is vulnerable to a new type of DNS amplification attack dubbed NXNSAttack.
Updated by Jim Pingle over 3 years ago
New version is offered on 2.4.5:
unbound-1.9.6 < needs updating (remote has 1.10.1)
: pkg upgrade -y unbound Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 2 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: unbound: 1.9.6 -> 1.10.1 [pfSense] python37: 3.7.6 -> 3.7.7 [pfSense] Number of packages to be upgraded: 2 17 MiB to be downloaded. [1/2] Fetching unbound-1.10.1.txz: 100% 1 MiB 385.6kB/s 00:03 [2/2] Fetching python37-3.7.7.txz: 100% 16 MiB 618.1kB/s 00:27 Checking integrity... done (0 conflicting) [1/2] Upgrading python37 from 3.7.6 to 3.7.7... [1/2] Extracting python37-3.7.7: 100% [2/2] Upgrading unbound from 1.9.6 to 1.10.1... ===> Creating groups. Using existing group 'unbound'. ===> Creating users Using existing user 'unbound'. [2/2] Extracting unbound-1.10.1: 100%
Service is running, restarts fine, no errors. Resolves as expected with a basic config. Works the same after a reboot. If others encounter problems, we can address them with new issues.