Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-33655

Published: 10 May 2024

Unbound could be used to take part in a DoS attack

Notes

AuthorNote
Priority reason:
Upstream Unbound project has rated this as having a low security impact.
mdeslaur
Unbound itself is not vulnerable to the DNSBomb attack, but can
be used to participate in one. The commit below adds some
new options to make the impact from Unbound significantly lower.

Backporting the commit to mantic and lower is intrusive and
may introduce regressions.

Priority

Low

Status

Package Release Status
unbound
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

mantic Needs triage

noble Needs triage

trusty Needs triage

upstream
Released (1.20.0-1)
xenial Needs triage

Patches:
upstream: https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de