ALAS-2024-760

Amazon Linux 2023 Security Advisory: ALAS-2024-760
Advisory Release Date: 2024-11-13 12:28 Pacific
Advisory Updated Date: 2024-11-14 11:00 Pacific
Severity: Low
Issue Overview:

unbound: NULL Pointer Dereference in Unbound (CVE-2024-43167)

unbound: Heap-Buffer-Overflow in Unbound (CVE-2024-43168)


Affected Packages:

unbound


Issue Correction:
Run dnf update unbound --releasever 2023.6.20241111 to update your system.

New Packages:
aarch64:
    python3-unbound-debuginfo-1.17.1-1.amzn2023.0.7.aarch64
    unbound-debuginfo-1.17.1-1.amzn2023.0.7.aarch64
    unbound-1.17.1-1.amzn2023.0.7.aarch64
    unbound-devel-1.17.1-1.amzn2023.0.7.aarch64
    unbound-libs-debuginfo-1.17.1-1.amzn2023.0.7.aarch64
    python3-unbound-1.17.1-1.amzn2023.0.7.aarch64
    unbound-libs-1.17.1-1.amzn2023.0.7.aarch64
    unbound-anchor-debuginfo-1.17.1-1.amzn2023.0.7.aarch64
    unbound-anchor-1.17.1-1.amzn2023.0.7.aarch64
    unbound-utils-1.17.1-1.amzn2023.0.7.aarch64
    unbound-utils-debuginfo-1.17.1-1.amzn2023.0.7.aarch64
    unbound-debugsource-1.17.1-1.amzn2023.0.7.aarch64

src:
    unbound-1.17.1-1.amzn2023.0.7.src

x86_64:
    unbound-anchor-debuginfo-1.17.1-1.amzn2023.0.7.x86_64
    unbound-utils-debuginfo-1.17.1-1.amzn2023.0.7.x86_64
    unbound-debuginfo-1.17.1-1.amzn2023.0.7.x86_64
    unbound-libs-1.17.1-1.amzn2023.0.7.x86_64
    unbound-libs-debuginfo-1.17.1-1.amzn2023.0.7.x86_64
    unbound-utils-1.17.1-1.amzn2023.0.7.x86_64
    unbound-anchor-1.17.1-1.amzn2023.0.7.x86_64
    unbound-1.17.1-1.amzn2023.0.7.x86_64
    python3-unbound-1.17.1-1.amzn2023.0.7.x86_64
    python3-unbound-debuginfo-1.17.1-1.amzn2023.0.7.x86_64
    unbound-devel-1.17.1-1.amzn2023.0.7.x86_64
    unbound-debugsource-1.17.1-1.amzn2023.0.7.x86_64

Additional References

Red Hat: CVE-2024-43167, CVE-2024-43168

Mitre: CVE-2024-43167, CVE-2024-43168