https://secunia.com/advisories/47220/

Description:
Two vulnerabilities have been reported in Unbound, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) A memory allocation error when processing certain RRs (Resource Records) can be exploited to cause a crash by sending signed duplicate redirecting RRs.

2) An error when processing certain responses for NSEC3-signed zones can be exploited to e.g. cause an assertion error or crash by sending specially crafted responses.

The vulnerabilities are reported in versions prior to 1.4.14.

Solution:
Update to version 1.4.13p2 and 1.4.14 or apply patches.

Further details available in Customer Area

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4869 to the following vulnerability:

Name: CVE-2011-4869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4869
Assigned: 20111220
Reference: http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt
Reference: http://www.kb.cert.org/vuls/id/209659

validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.

Also note that unbound 1.4.14 is pending in Fedora and EPEL:
https://admin.fedoraproject.org/updates/search/CVE-2011-4528
unbound-1.4.14-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
unbound-1.4.14-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
unbound-1.4.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
unbound-1.4.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.