Project

General

Profile

Actions

Bug #10576

closed

Update unbound to mitigate CVE-2020-12662

Added by znerol znerol almost 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
High
Category:
DNS Resolver
Target version:
Start date:
05/20/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

Unbound is vulnerable to a new type of DNS amplification attack dubbed NXNSAttack.

Actions #1

Updated by Jim Pingle almost 4 years ago

  • Category set to DNS Resolver
  • Assignee set to Renato Botelho
  • Priority changed from Normal to High
  • Target version set to 2.4.5-p1
  • Affected Version set to All
  • Affected Architecture All added
Actions #2

Updated by Renato Botelho almost 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Done

Actions #3

Updated by Jim Pingle almost 4 years ago

New version is offered on 2.4.5:

unbound-1.9.6                      <   needs updating (remote has 1.10.1)

Upgrades OK:

: pkg upgrade -y unbound
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    unbound: 1.9.6 -> 1.10.1 [pfSense]
    python37: 3.7.6 -> 3.7.7 [pfSense]

Number of packages to be upgraded: 2

17 MiB to be downloaded.
[1/2] Fetching unbound-1.10.1.txz: 100%    1 MiB 385.6kB/s    00:03    
[2/2] Fetching python37-3.7.7.txz: 100%   16 MiB 618.1kB/s    00:27    
Checking integrity... done (0 conflicting)
[1/2] Upgrading python37 from 3.7.6 to 3.7.7...
[1/2] Extracting python37-3.7.7: 100%
[2/2] Upgrading unbound from 1.9.6 to 1.10.1...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[2/2] Extracting unbound-1.10.1: 100%

Service is running, restarts fine, no errors. Resolves as expected with a basic config. Works the same after a reboot. If others encounter problems, we can address them with new issues.

Actions #4

Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF