USN-7080-1: Unbound vulnerability

Releases

• Ubuntu 24.10
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 14.04 ESM

Packages

• unbound - validating, recursive, caching DNS resolver

Details

Toshifumi Sakaguchi discovered that Unbound incorrectly handled name
compression for large RRsets, which could lead to excessive CPU usage.
An attacker could potentially use this issue to cause a denial of service
by sending specially crafted DNS responses.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10

• libunbound8 - 1.20.0-1ubuntu2.1
• unbound - 1.20.0-1ubuntu2.1

Ubuntu 24.04

• libunbound8 - 1.19.2-1ubuntu3.3
• unbound - 1.19.2-1ubuntu3.3

Ubuntu 22.04

• libunbound8 - 1.13.1-1ubuntu5.8
• unbound - 1.13.1-1ubuntu5.8

Ubuntu 20.04

• libunbound8 - 1.9.4-2ubuntu1.9
• unbound - 1.9.4-2ubuntu1.9

Ubuntu 18.04

• libunbound2 - 1.6.7-1ubuntu2.6+esm3
  Available with Ubuntu Pro
• unbound - 1.6.7-1ubuntu2.6+esm3
  Available with Ubuntu Pro

Ubuntu 16.04

• libunbound2 - 1.5.8-1ubuntu1.1+esm2
  Available with Ubuntu Pro
• unbound - 1.5.8-1ubuntu1.1+esm2
  Available with Ubuntu Pro

Ubuntu 14.04

• libunbound2 - 1.4.22-1ubuntu4.14.04.3+esm2
  Available with Ubuntu Pro
• unbound - 1.4.22-1ubuntu4.14.04.3+esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2024-8508