libunbound8-1.16.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12235-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libunbound8-1.16.2-1.1 on GA media These are all security issues fixed in the libunbound8-1.16.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12235 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-30698/ SUSE CVE CVE-2022-30698 page openSUSE Tumbleweed libunbound8-1.16.2-1.1 python3-unbound-1.16.2-1.1 unbound-1.16.2-1.1 unbound-anchor-1.16.2-1.1 unbound-devel-1.16.2-1.1 unbound-munin-1.16.2-1.1 libunbound8-1.16.2-1.1 as a component of openSUSE Tumbleweed python3-unbound-1.16.2-1.1 as a component of openSUSE Tumbleweed unbound-1.16.2-1.1 as a component of openSUSE Tumbleweed unbound-anchor-1.16.2-1.1 as a component of openSUSE Tumbleweed unbound-devel-1.16.2-1.1 as a component of openSUSE Tumbleweed unbound-munin-1.16.2-1.1 as a component of openSUSE Tumbleweed NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. CVE-2022-30698 openSUSE Tumbleweed:libunbound8-1.16.2-1.1 openSUSE Tumbleweed:python3-unbound-1.16.2-1.1 openSUSE Tumbleweed:unbound-1.16.2-1.1 openSUSE Tumbleweed:unbound-anchor-1.16.2-1.1 openSUSE Tumbleweed:unbound-devel-1.16.2-1.1 openSUSE Tumbleweed:unbound-munin-1.16.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-30698.html CVE-2022-30698 https://bugzilla.suse.com/1202031 SUSE Bug 1202031 https://bugzilla.suse.com/1202033 SUSE Bug 1202033