Update Unbound from 1.6.3 to 1.6.8 #603
Merged
+1
−1
Commits on Feb 5, 2018
-
unbound: Update version from 1.6.3 to 1.6.8
Am 05.02.2018 um 17:29 schrieb Viktor Dukhovni: > > If you're using unbound as your local DNSSEC-validating > resolver and have enabled DANE, an issue is resolved in > unbound 1.6.8 where NSEC records for wildcards could be > misused for invalid denial-of-existence proofs. See: > > https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be > https://unbound.net/downloads/CVE-2017-15105.txt > > The first article mentions that the same issue affected > PowerDNS and Dnsmasq. So if you're using one of those, > you might also need to update. While Google's public > DNS was also affected, this is out of scope for DANE, > as you get little security from relying on the AD bit > from remote resolvers.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.