A vulnerability was discovered in DNSSEC. Processing of wildcard-synthesized NSEC records may result in improper validation of non-existence in some implementations of DNSSEC. While synthesis of NSEC records is allowed by RFC 4592, the synthesized owner names should not be used in the NSEC processing.
Acknowledgments: Ralph Dolmans (NLnet Labs), Karst Koymans (University of Amsterdam)
Statement: This issue affects the versions of unbound as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
External References: https://unbound.net/downloads/CVE-2017-15105.txt
Created unbound tracking bugs for this issue: Affects: fedora-all [bug 1536518]
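
As an added illustration (not code from unbound or from this report), the sketch below shows one way a validator can recognise a wildcard-expanded NSEC from the RRSIG Labels field (RFC 4034 section 3.1.3) and bound the denial with the signed owner name rebuilt per RFC 4035 section 5.3.2 instead of the synthesized one. The zone, the names and the helper functions are constructed for this example.

```python
# Added example; every name and record below is constructed test data.

def labels(name):
    """Lowercased labels of a presentation-format name, root excluded."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def canonical_key(name):
    """RFC 4034 6.1 order: labels compared right to left as octet strings."""
    return [l.encode("ascii") for l in reversed(labels(name))]

def signed_owner(owner, rrsig_labels):
    """Owner name the RRSIG covers, rebuilt as in RFC 4035 5.3.2.

    RRSIG Labels counts the original owner's labels without the root or a
    leading "*"; a smaller count than the received owner has means the
    record was expanded from a wildcard.
    """
    lab = labels(owner)
    count = len(lab) - (1 if lab[:1] == ["*"] else 0)
    if rrsig_labels > count:
        raise ValueError("RRSIG Labels exceeds owner label count")
    if rrsig_labels == count:
        return ".".join(lab) + "."
    return ".".join(["*"] + lab[len(lab) - rrsig_labels:]) + "."

def covers(owner, next_name, qname):
    """True if qname lies strictly inside the NSEC gap (owner, next_name)."""
    o, n, q = map(canonical_key, (owner, next_name, qname))
    if o < n:
        return o < q < n
    return q > o or q < n  # last NSEC of the zone wraps back to the apex

def nsec_covers(owner, next_name, rrsig_labels, qname, use_signed_owner=True):
    """Does this NSEC prove that qname has no node in the zone?

    use_signed_owner=False models the flawed behaviour: the owner name as
    received, possibly wildcard-synthesized, is used to bound the gap.
    """
    if use_signed_owner:
        owner = signed_owner(owner, rrsig_labels)
    return covers(owner, next_name, qname)

# Constructed zone "example." with *.example., mail.example., www.example.
# Signed record:  *.example. NSEC mail.example.  (RRSIG Labels = 1)
# The same record as received after wildcard expansion to n.example.:
SYNTH = ("n.example.", "mail.example.", 1)
```

With the synthesized owner the gap appears to wrap around the zone and covers the existing name www.example.; with the rebuilt owner *.example. it does not.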