Amazon Linux 2023 Security Advisory: ALAS-2024-604
Advisory Release Date: 2024-04-25 16:40 Pacific
Advisory Updated Date: 2024-04-25 16:40 Pacific
Severity:
Important
Issue Overview:
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. (CVE-2024-1488)
Affected Packages:
unbound
Issue Correction:
Run dnf update unbound --releasever 2023.4.20240429 to update your system.
New Packages:
aarch64:
unbound-anchor-debuginfo-1.17.1-1.amzn2023.0.3.aarch64
unbound-devel-1.17.1-1.amzn2023.0.3.aarch64
unbound-debuginfo-1.17.1-1.amzn2023.0.3.aarch64
python3-unbound-debuginfo-1.17.1-1.amzn2023.0.3.aarch64
unbound-1.17.1-1.amzn2023.0.3.aarch64
unbound-utils-1.17.1-1.amzn2023.0.3.aarch64
unbound-libs-1.17.1-1.amzn2023.0.3.aarch64
unbound-libs-debuginfo-1.17.1-1.amzn2023.0.3.aarch64
unbound-utils-debuginfo-1.17.1-1.amzn2023.0.3.aarch64
unbound-anchor-1.17.1-1.amzn2023.0.3.aarch64
python3-unbound-1.17.1-1.amzn2023.0.3.aarch64
unbound-debugsource-1.17.1-1.amzn2023.0.3.aarch64
src:
unbound-1.17.1-1.amzn2023.0.3.src
x86_64:
unbound-debuginfo-1.17.1-1.amzn2023.0.3.x86_64
unbound-libs-debuginfo-1.17.1-1.amzn2023.0.3.x86_64
unbound-anchor-debuginfo-1.17.1-1.amzn2023.0.3.x86_64
python3-unbound-debuginfo-1.17.1-1.amzn2023.0.3.x86_64
unbound-devel-1.17.1-1.amzn2023.0.3.x86_64
python3-unbound-1.17.1-1.amzn2023.0.3.x86_64
unbound-utils-1.17.1-1.amzn2023.0.3.x86_64
unbound-anchor-1.17.1-1.amzn2023.0.3.x86_64
unbound-1.17.1-1.amzn2023.0.3.x86_64
unbound-libs-1.17.1-1.amzn2023.0.3.x86_64
unbound-debugsource-1.17.1-1.amzn2023.0.3.x86_64
unbound-utils-debuginfo-1.17.1-1.amzn2023.0.3.x86_64