    Solved Patch your Unbound DNS servers. CVE-2019-16866

      necrevistonnezr last edited by girish

      You can craft a query to crash any Unbound server prior to version 1.9.4.

      This impacts not only Unbound servers, but a huge amount of downstream services that use Unbound as a dependency for secure services. (Think Let's Encrypt)

      This bug was found as a result of the ongoing audit of Unbound by us (OSTIF) and X41 D-sec. A more detailed report on the audit and the fixes will be available soon as we wrap things up.

      More Info:
      https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241033
      https://nlnetlabs.nl/pipermail/unbound-users/2019-October/011832.html

        girish Staff

        @necrevistonnezr Thanks, good to know. Will keep an eye out for the Ubuntu update. Cloudron is not at risk because we only use it internally (it is not exposed via a public port). We also don't use the NOTIFY query (this is a zone change notification across DNS servers), as we use Unbound as a recursive resolver and nothing more.

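The two checks discussed in this thread (is the resolver older than 1.9.4, and is it listening on anything other than loopback) can be scripted; the following is an added example, not code from the posters or from Cloudron. The function names and sample inputs are constructed for illustration, `include:` files are not followed, and a distribution package may carry a backported fix without changing the upstream version number, so confirm a "below_fix" result against the distro's security tracker.

```python
import ipaddress
import re

FIXED = (1, 9, 4)  # the thread states that versions prior to 1.9.4 are affected

# Constructed sample inputs: first line of `unbound -V` and a minimal unbound.conf.
SAMPLE_VERSION = "Version 1.9.0\n"
SAMPLE_CONF = """server:
    interface: 127.0.0.1
    interface: ::1
    # interface: 0.0.0.0
    port: 53
"""

def parse_version(version_output):
    """Extract (major, minor, patch) from `unbound -V` output."""
    m = re.search(r"Version\s+(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no Unbound version found")
    return tuple(int(x) for x in m.groups())

def exposed_interfaces(conf_text):
    """Return non-loopback listen addresses from interface:/ip-address: lines.

    With no such line at all, Unbound listens on localhost only.
    """
    exposed = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(?:interface|ip-address):\s*(\S+)", line)
        if not m:
            continue
        addr = m.group(1).strip("\"'").split("@", 1)[0]  # strip quotes and @port
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                exposed.append(addr)
        except ValueError:
            exposed.append(addr)  # not an IP (e.g. an interface name): treat as exposed
    return exposed

def assess(version_output, conf_text):
    """Combine both checks into one report."""
    version = parse_version(version_output)
    return {"version": version,
            "below_fix": version < FIXED,
            "exposed": exposed_interfaces(conf_text)}

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONF))
```
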