Created attachment 236869
Unbound 1.16.3
The attached patch updates dns/unbound to version 1.16.3:
https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3
Bug Fixes
Patch for CVE-2022-3204 Non-Responsive Delegation Attack.
Tested on stable/13 and main.
(In reply to Herbert J. Skuhra from comment #0) I was just about to send the same patch. I tested on all official releases, so yup, approved.
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field. Thanks!
(In reply to Fernando Apesteguía from comment #2)
I cannot add the URL, but it is: <https://nlnetlabs.nl/news/2022/Sep/21/unbound-1.16.3-released/>
I quote the text below:
Published: Wed 21 September 2022
We are pleased to announce the release of version 1.16.3 of the Unbound recursive DNS resolver.
This release fixes CVE-2022-3204 'Non-Responsive Delegation Attack'. It was reported by Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr and Shani Stajnrod from Reichman University.
This fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can look in the cache for missing records.
For a full list of changes and binary and source packages, see the download page.
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=90c18b46cfbe234e0d483984cf44cc1867935ab8
commit 90c18b46cfbe234e0d483984cf44cc1867935ab8
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2022-09-29 05:35:45 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-09-29 05:35:45 +0000
    security/vuxml: Document unbound vulnerability
    PR: 266654
    Reported by: Herbert J. Skuhra <herbert@gojira.at>
    Security: CVE-2022-3204
 security/vuxml/vuln-2022.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2efbd2b027c85ab8a3ec41de872affb7dc5963de
commit 2efbd2b027c85ab8a3ec41de872affb7dc5963de
Author: Herbert J. Skuhra <herbert@gojira.at>
AuthorDate: 2022-09-28 05:16:17 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-09-29 05:39:14 +0000
    dns/unbound: Update to 1.16.3
    ChangeLog: https://nlnetlabs.nl/news/2022/Sep/21/unbound-1.16.3-released/
    Fixes Non-Responsive Delegation Attack.
    PR: 266654
    Reported by: herbert@gojira.at
    Approved by: jaap@NLnetLabs.nl (maintainer)
    Security: CVE-2022-3204
 dns/unbound/Makefile | 2 +-
 dns/unbound/distinfo | 6 +++---
 dns/unbound/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Committed, Thanks! Note: not MFH since we are just about to create Q4.