From nobody Thu Mar 7 18:42:16 2024 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TrJ7Y3PN2z5Db8j for ; Thu, 7 Mar 2024 18:42:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TrJ7X684nz4VYw for ; Thu, 7 Mar 2024 18:42:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1709836936; a=rsa-sha256; cv=none; b=uz2dK7eDqNhAr7qwU8tSsM+X4vuLa9lYelN1RGupACqnlbaJEc92sked8NaA+EHq6VkTCF Pd+RO7JDZRqHXYMmU90h4jd2bRhwEzU3Cgfe2IO/RKP50V3qB6fxyHNw5ajiFCN70NpW9d jT5qM3ULEBe4jcVxBnW1gBXvXmnY/VWKpEozYGm3l60y/jpjO/qpYfNnV+GJXm0GoPh9Od 1RJm+sgMQePNPAiEXz3mcmwQeOQmBpf5gg2N6hcrGbzyzPFFX6LjT5/tWl/jEHCXRj4Ugx TPaeawgYddMS7j2TQg72uXWLaaju7Vrd4BftAyYiFpP7ufd83MFDwQ9sQ2nWGA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1709836936; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=uhWJCv018QvnxVvrQqNvg4RjOsTqKwn8p0+LkXHHOa4=; b=sbmdk0S8FP1BngjZNMVtyvoCp76eyBGegweJu4Ds/pZ4ZxjZWjohswVZ8bs1ax7N+MxQN6 0+kQLu8eA5rjv8zhwGYGR66dHVS4idSGN88+j2ueIJW+Rka3DGBssAJrvh9khWhR1JKBgu W/KVJ0zH5m+mawKD5TUQb6a/TQUIjzjI/H9XHe6iDi84f6fTIOcvQ5xEOpJolb5YyplUdA AEHNXE3XKTR7QObMNwevgcm2h4YgkFo+AbvbqLdCSaEo7OuTkdCNG9GymNTlrslHREAIuO tOOh4rsRk56efZ/5xDX3ebMqBbgXL4y41mA7w2EC5S0/eHD3+BYvwrwLZohzOA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TrJ7X5mNLzlFn for ; Thu, 7 Mar 2024 18:42:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 427IgGQT095814 for ; Thu, 7 Mar 2024 18:42:16 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 427IgGj1095813 for ports-bugs@FreeBSD.org; Thu, 7 Mar 2024 18:42:16 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 277555] dns/unbound: Update to 1.19.2 Date: Thu, 07 Mar 2024 18:42:16 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277555 Bug ID: 277555 Summary: dns/unbound: Update to 1.19.2 Product: Ports & Packages Version: Latest Hardware: Any URL: https://nlnetlabs.nl/news/2024/Mar/07/unbound-1.19.2-r eleased/ OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #249002 maintainer-approval+ Flags: Created attachment 249002 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D249002&action= =3Dedit patch to upgrade NOTE: there will be a new release shortly, so for users not using=20 the "ede: yes" option, there is no need to upgrade. NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. --=20 You are receiving this mail because: You are the assignee for the bug.=