python-dns security update

An update is available for python-dns. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-dns package contains the dnslib module that implements a DNS...

RLSA-2024:3271 Important: bind and dhcp security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...

RLSA-2024:3275 Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fixes: dnspython: denial of service in stub resolver CVE-2023-29483 For more details about th...

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System DNS on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the...

spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticatedAuthentication direct...

RHEL 7 : dnsmasq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dnsmasq: unchecked return value of the setupreply function CVE-2015-3294 - dnsmasq: insecure default...

The vulnerability of the DNS resolver, knot resolver, arises due to insufficient validation of input data. This allows attackers to convert a domain protected by DNSSEC into a domain that is not protected by DNSSEC.

The vulnerability of the DNS resolver, Knot Resolver, exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to trigger a Denial-of-Service attack by using multiple TCP connections...

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1783)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods,...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1712)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1736)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect domain; is configured, and - t...

EulerOS Virtualization 2.11.0 : bind (EulerOS-SA-2024-1723)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses...

USN-6791-1: Unbound vulnerability

It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update introduces certain resource limits to make the impact from Unbound significantly lower...

Fedora: Security Advisory (FEDORA-2024-9df760819c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-8b20de41f0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-3b173364d4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for unbound (FEDORA-2024-5bfa220621)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-68626e0eb5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: unbound-1.20.0-1.fc39

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

[SECURITY] Fedora 40 Update: unbound-1.20.0-1.fc40

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

The vulnerability of the Unbound DNS server lies in its ability to generate a burst of requests to the server using responses from DNS resolvers. This allows a hacker to execute a DDoS attack by utilizing DNS traffic.

The vulnerability of the Unbound DNS server relates to the possibility of generating an impulsive flow of numerous requests to the server, using responses from DNS resolvers. Exploiting this vulnerability allows a malicious actor to carry out a DDoS attack by utilizing DNS traffic...