OpenBSD Errata: February 8th, 2018 (unbound)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

OpenBSD Errata: February 8th, 2018 (unbound)

T.J. Townsend
Errata patches for unbound have been released for OpenBSD 6.2.

A flaw was found in the way unbound validated wildcard-synthesized
NSEC records. An improperly validated wildcard NSEC record could be
used to prove the non-existence (NXDOMAIN answer) of an existing
wildcard record, or trick unbound into accepting a NODATA proof.

For details, see

Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:

After patching, restart the unbound service.