Security Advisory Details

NS-SA-2023-0092

2023-05-30 09:08:34

Summary

important: bluez/unbound security update

Severity

important

Topic

An update for bluez and unbound is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

bluez: Libraries for use in Bluetooth applications (this update ships bluez-libs).
unbound: A validating, recursive, caching DNS resolver; this update ships its shared libraries (unbound-libs) and the Python 3 modules and extensions for unbound (python3-unbound).


Security Fix(es):
bluez: BlueZ is a Bluetooth protocol stack for Linux. In affected versions, sdp_cstate_alloc_buf allocates a buffer that is always appended to the singly linked list of SDP continuation states (cstates) and is never freed, so memory leaks over time. The leaked buffer can be very large, and an attacker who continuously sends SDP packets can exhaust memory and crash the service on the target device. (CVE-2021-41229)
bluez: bugfix
unbound: A network amplification vulnerability was found in Unbound in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service, or to use Unbound as part of an attack against another DNS server, when Unbound is deployed as a recursive resolver or authoritative name server. (CVE-2020-12662)
unbound: A flaw was found in Unbound in versions prior to 1.10.1. An infinite loop can be triggered when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability. (CVE-2020-12663)
unbound: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
The build tag for this update is 6.06.02B5.

Affected Components

  • bluez
  • unbound

Affected Products

  • CGSL MAIN 6.06

Update Packages

CGSL MAIN 6.06

Source packages:
  • bluez-5.56-3.zncgsl6.src.rpm
  • unbound-1.7.3-17.zncgsl6.src.rpm

Binary packages (x86_64):
  • bluez-libs-5.56-3.zncgsl6.x86_64.rpm
  • python3-unbound-1.7.3-17.zncgsl6.x86_64.rpm
  • unbound-libs-1.7.3-17.zncgsl6.x86_64.rpm
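After applying the update, a practitioner will want to confirm that every binary package named in this advisory is installed at or above the fixed version-release. The script below is an added example, not code from NewStart or from the advisory: it embeds the advisory's fix list (the same data as the package list above, in the JSON form the advisory feed publishes it in), parses each fixed NVRA, and compares it against `rpm -qa` output using rpm's segment-wise version ordering (digits beat letters, numeric segments compare as integers, a longer string with otherwise equal segments is newer). The `rpm -qa` output here is constructed sample data so the example runs offline; the epoch is ignored, and rpm's tilde and caret rules are omitted, both assumptions that hold for the packages in this advisory.

```python
"""Check installed packages against the fix list in NS-SA-2023-0092.

Added example (not NewStart's code). FIX_JSON is the advisory's own fix
record; SAMPLE_RPM_QA is constructed sample data. On a real host use:
    rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
Assumptions: no epoch on these packages; tilde/caret ordering not needed.
"""
import json
import re

FIX_JSON = (
    '{"fix":[{"product":"CGSL MAIN 6.06","pkgs":['
    '{"binary":["bluez-libs-5.56-3.zncgsl6.x86_64.rpm"],'
    '"source":"bluez-5.56-3.zncgsl6.src.rpm"},'
    '{"binary":["python3-unbound-1.7.3-17.zncgsl6.x86_64.rpm",'
    '"unbound-libs-1.7.3-17.zncgsl6.x86_64.rpm"],'
    '"source":"unbound-1.7.3-17.zncgsl6.src.rpm"}]}]}'
)

# Constructed sample: one host with bluez-libs and unbound-libs still old,
# python3-unbound already at the fixed release, plus an unrelated package.
SAMPLE_RPM_QA = """\
bash-4.4.20-1.zncgsl6.x86_64
bluez-libs-5.56-2.zncgsl6.x86_64
python3-unbound-1.7.3-17.zncgsl6.x86_64
unbound-libs-1.7.3-16.zncgsl6.x86_64
"""

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")  # rpm splits on non-alphanumerics


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing version/release strings the way rpm does
    (segment by segment; numeric beats alpha; leftover segments are newer)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif xd != yd:
            return 1 if xd else -1      # numeric segment is newer than alpha
        elif x != y:
            return 1 if x > y else -1   # plain string order for alpha segments
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def parse_nvra(nvra):
    """Split 'name-version-release.arch' (optionally ending in .rpm)."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    name, version, rel_arch = nvra.rsplit("-", 2)   # names may contain '-'
    release, arch = rel_arch.rsplit(".", 1)
    return name, version, release, arch


def fixed_packages(fix_json, product):
    """Map (name, arch) -> (version, release) for the advisory's binaries."""
    out = {}
    for entry in json.loads(fix_json)["fix"]:
        if entry["product"] != product:
            continue
        for pkg in entry["pkgs"]:
            for binary in pkg["binary"]:
                name, version, release, arch = parse_nvra(binary)
                out[(name, arch)] = (version, release)
    return out


def evr_cmp(have, want):
    """Compare (version, release) pairs: version first, then release."""
    r = rpmvercmp(have[0], want[0])
    return r if r else rpmvercmp(have[1], want[1])


def check_installed(fix_json, rpm_qa_output, product="CGSL MAIN 6.06"):
    """Return {name.arch: status} for every binary the advisory fixes."""
    fixed = fixed_packages(fix_json, product)
    installed = {}
    for line in rpm_qa_output.splitlines():
        if line.strip():
            name, version, release, arch = parse_nvra(line.strip())
            installed[(name, arch)] = (version, release)
    report = {}
    for (name, arch), want in fixed.items():
        have = installed.get((name, arch))
        key = f"{name}.{arch}"
        if have is None:
            report[key] = "not installed"
        elif evr_cmp(have, want) < 0:
            report[key] = (f"VULNERABLE: installed {have[0]}-{have[1]}, "
                           f"fixed in {want[0]}-{want[1]}")
        else:
            report[key] = f"ok: installed {have[0]}-{have[1]}"
    return report


if __name__ == "__main__":
    for pkg, status in sorted(check_installed(FIX_JSON, SAMPLE_RPM_QA).items()):
        print(f"{pkg}: {status}")
```

Packages that are not installed are reported rather than silently skipped, since a package absent from the host needs no action but a package renamed or installed for a different architecture would otherwise hide a still-vulnerable copy. When checking a host with an upstream-rebased package (for example unbound 1.10.1 rather than the backported 1.7.3-17), the version comparison still reports it as fixed because the version segment wins before the release is consulted.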

CVE

  • CVE-2021-41229
  • CVE-2020-12662
  • CVE-2020-12663

References