Project

General

Profile

Actions
Copy link

Todo #15483

open

Update Unbound to 1.20.0

Added by Glenn Hall about 2 months ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
2.8.0
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
24.08
Release Notes:
Default

Description

Update Unbound to version 1.20.0, as this newest version contains a fix for the DNSBomb vulnerability CVE-2024-33655.

Actions
Copy link
 #1

Updated by Jim Pingle about 2 months ago

  • Priority changed from Normal-package to Normal
  • Target version set to 2.8.0
  • Plus Target Version set to 24.07

If you read the details that isn't really a vulnerability in Unbound and they only added/changed some default values to make it less of a tempting middleman for attackers. We're already working on updating it, but it's not as critical as if it were a flaw in Unbound itself.

Actions
Copy link
 #2

Updated by Jim Pingle about 1 month ago

  • Plus Target Version changed from 24.07 to 24.08
Actions
Copy link

Also available in: Atom PDF