More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2303456

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
I cannot access bug link provided. There is no useful information in this bug itself. Without access to any details known, this bug cannot be worked on.
(In reply to Petr Menšík from comment #1)
> I cannot access bug link provided. There is no useful information in this
> bug itself. Without access to any details known, this bug cannot be worked
> on.

A NULL pointer dereference was found in Unbound versions <= 1.20.0. The vulnerability occurs in the ub_ctx_set_fwd function in libunbound.c. When a specific sequence of API calls is made, the program attempts to read memory from a NULL pointer, resulting in a segmentation fault. This can cause the application to crash, leading to a denial of service. The issue is triggered by a particular use of the ub_ctx_set_fwd and ub_ctx_resolvconf functions.
(In reply to Abhishek Raj from comment #2)
> (In reply to Petr Menšík from comment #1)
> > I cannot access bug link provided. There is no useful information in this
> > bug itself. Without access to any details known, this bug cannot be worked
> > on.
>
> A NULL pointer dereference was found in Unbound versions <= 1.20.0. The
> vulnerability occurs in the ub_ctx_set_fwd function in libunbound.c. When a
> specific sequence of API calls is made, the program attempts to read memory
> from a NULL pointer, resulting in a segmentation fault. This can cause the
> application to crash, leading to a denial of service. The issue is triggered
> by a particular use of the ub_ctx_set_fwd and ub_ctx_resolvconf functions.

Reference:
https://github.com/NLnetLabs/unbound/issues/1072
https://github.com/NLnetLabs/unbound/pull/1073/files
Ah, excellent. This too is fixed with the recent rebase to 1.21.0 (bug #2316313), in all releases to 1.21.1 (bug #2316313), but not yet added to updates.
FEDORA-2024-a5d6cd9f0a (unbound-1.21.1-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-a5d6cd9f0a
FEDORA-2024-c07e065747 (unbound-1.21.1-3.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-c07e065747
FEDORA-2024-2ba00c906c (unbound-1.21.1-3.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-2ba00c906c
FEDORA-2024-c07e065747 (unbound-1.21.1-3.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-a5d6cd9f0a (unbound-1.21.1-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-2ba00c906c (unbound-1.21.1-3.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.