ALAS-2024-610

Amazon Linux 2023 Security Advisory: ALAS-2024-610
Advisory Release Date: 2024-05-09 17:16 Pacific
Advisory Updated Date: 2024-05-15 19:36 Pacific
Severity: Important
Issue Overview:

An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. (CVE-2024-33655)


Affected Packages:

unbound


Issue Correction:
Run dnf update unbound --releasever 2023.4.20240513 to update your system.

New Packages:
aarch64:
    unbound-debuginfo-1.17.1-1.amzn2023.0.4.aarch64
    unbound-devel-1.17.1-1.amzn2023.0.4.aarch64
    unbound-anchor-1.17.1-1.amzn2023.0.4.aarch64
    python3-unbound-1.17.1-1.amzn2023.0.4.aarch64
    unbound-anchor-debuginfo-1.17.1-1.amzn2023.0.4.aarch64
    unbound-utils-1.17.1-1.amzn2023.0.4.aarch64
    unbound-utils-debuginfo-1.17.1-1.amzn2023.0.4.aarch64
    unbound-libs-debuginfo-1.17.1-1.amzn2023.0.4.aarch64
    python3-unbound-debuginfo-1.17.1-1.amzn2023.0.4.aarch64
    unbound-1.17.1-1.amzn2023.0.4.aarch64
    unbound-libs-1.17.1-1.amzn2023.0.4.aarch64
    unbound-debugsource-1.17.1-1.amzn2023.0.4.aarch64

src:
    unbound-1.17.1-1.amzn2023.0.4.src

x86_64:
    unbound-debuginfo-1.17.1-1.amzn2023.0.4.x86_64
    unbound-utils-debuginfo-1.17.1-1.amzn2023.0.4.x86_64
    unbound-anchor-debuginfo-1.17.1-1.amzn2023.0.4.x86_64
    unbound-devel-1.17.1-1.amzn2023.0.4.x86_64
    unbound-libs-debuginfo-1.17.1-1.amzn2023.0.4.x86_64
    unbound-1.17.1-1.amzn2023.0.4.x86_64
    unbound-libs-1.17.1-1.amzn2023.0.4.x86_64
    python3-unbound-1.17.1-1.amzn2023.0.4.x86_64
    unbound-debugsource-1.17.1-1.amzn2023.0.4.x86_64
    python3-unbound-debuginfo-1.17.1-1.amzn2023.0.4.x86_64
    unbound-utils-1.17.1-1.amzn2023.0.4.x86_64
    unbound-anchor-1.17.1-1.amzn2023.0.4.x86_64

Additional References

Red Hat: CVE-2024-33655

Mitre: CVE-2024-33655