Bugzilla – Bug 1185391
VUL-0: CVE-2019-25040: unbound: infinite loop via a compressed name in dname_pkt_copy
Last modified: 2022-09-15 12:58:51 UTC
CVE-2019-25040 Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. Upstream commit: 2d444a5037acff6024630b88092d9188f2f5d8fe References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25040 https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ https://ostif.org/wp-content/uploads/2019/12/X41-Unbound-Security-Audit-2019-Final-Report.pdf
openSUSE-SU-2022:0176-1: An update that solves 13 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1076963,1112009,1112033,1179191,1185382,1185383,1185384,1185385,1185386,1185387,1185388,1185389,1185390,1185391,1185392,1185393 CVE References: CVE-2019-25031,CVE-2019-25032,CVE-2019-25033,CVE-2019-25034,CVE-2019-25035,CVE-2019-25036,CVE-2019-25037,CVE-2019-25038,CVE-2019-25039,CVE-2019-25040,CVE-2019-25041,CVE-2019-25042,CVE-2020-28935 JIRA References: Sources used: openSUSE Leap 15.4 (src): unbound-1.6.8-10.6.1 openSUSE Leap 15.3 (src): unbound-1.6.8-10.6.1
SUSE-SU-2022:0176-1: An update that solves 13 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1076963,1112009,1112033,1179191,1185382,1185383,1185384,1185385,1185386,1185387,1185388,1185389,1185390,1185391,1185392,1185393 CVE References: CVE-2019-25031,CVE-2019-25032,CVE-2019-25033,CVE-2019-25034,CVE-2019-25035,CVE-2019-25036,CVE-2019-25037,CVE-2019-25038,CVE-2019-25039,CVE-2019-25040,CVE-2019-25041,CVE-2019-25042,CVE-2020-28935 JIRA References: Sources used: SUSE Manager Server 4.1 (src): unbound-1.6.8-10.6.1 SUSE Manager Retail Branch Server 4.1 (src): unbound-1.6.8-10.6.1 SUSE Manager Proxy 4.1 (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): unbound-1.6.8-10.6.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): unbound-1.6.8-10.6.1 SUSE Enterprise Storage 7 (src): unbound-1.6.8-10.6.1 SUSE Enterprise Storage 6 (src): unbound-1.6.8-10.6.1 SUSE CaaS Platform 4.0 (src): unbound-1.6.8-10.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0301-1: An update that solves 13 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1076963,1112009,1112033,1179191,1185382,1185383,1185384,1185385,1185386,1185387,1185388,1185389,1185390,1185391,1185392,1185393 CVE References: CVE-2019-25031,CVE-2019-25032,CVE-2019-25033,CVE-2019-25034,CVE-2019-25035,CVE-2019-25036,CVE-2019-25037,CVE-2019-25038,CVE-2019-25039,CVE-2019-25040,CVE-2019-25041,CVE-2019-25042,CVE-2020-28935 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): unbound-1.6.8-3.9.1 SUSE Linux Enterprise Server 15-LTSS (src): unbound-1.6.8-3.9.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): unbound-1.6.8-3.9.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): unbound-1.6.8-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0176-2: An update that solves 13 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1076963,1112009,1112033,1179191,1185382,1185383,1185384,1185385,1185386,1185387,1185388,1185389,1185390,1185391,1185392,1185393 CVE References: CVE-2019-25031,CVE-2019-25032,CVE-2019-25033,CVE-2019-25034,CVE-2019-25035,CVE-2019-25036,CVE-2019-25037,CVE-2019-25038,CVE-2019-25039,CVE-2019-25040,CVE-2019-25041,CVE-2019-25042,CVE-2020-28935 JIRA References: Sources used: SUSE Linux Enterprise Realtime Extension 15-SP2 (src): unbound-1.6.8-10.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Released.