CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
13.0%
An update is available for unbound.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Security Fix(es):
To mitigate the vulnerability, a new file
“/etc/unbound/conf.d/remote-control.conf” has been added and included in the
main unbound configuration file, “unbound.conf”. The file contains two
directives that should limit access to unbound.conf:
control-interface: "/run/unbound/control"
control-use-cert: "yes"
For details about these directives, run “man unbound.conf”.
Updating to the version of unbound provided by this advisory should, in most
cases, address the vulnerability. To verify that your configuration is not
vulnerable, use the “unbound-control status | grep control” command. If the
output contains “control(ssl)” or “control(namedpipe)”, your configuration is
not vulnerable. If the command output returns only “control”, the configuration
is vulnerable because it does not enforce access only to the unbound group
members. To fix your configuration, add the line “include:
/etc/unbound/conf.d/remote-control.conf” to the end of the file
“/etc/unbound/unbound.conf”. If you use a custom
“/etc/unbound/conf.d/remote-control.conf” file, add the new directives to this
file. (CVE-2024-1488)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
rocky | 9 | aarch64 | python3-unbound | < 1.16.2-3.el9_3.5 | python3-unbound-0:1.16.2-3.el9_3.5.aarch64.rpm |
rocky | 9 | ppc64le | python3-unbound | < 1.16.2-3.el9_3.5 | python3-unbound-0:1.16.2-3.el9_3.5.ppc64le.rpm |
rocky | 9 | s390x | python3-unbound | < 1.16.2-3.el9_3.5 | python3-unbound-0:1.16.2-3.el9_3.5.s390x.rpm |
rocky | 9 | x86_64 | python3-unbound | < 1.16.2-3.el9_3.5 | python3-unbound-0:1.16.2-3.el9_3.5.x86_64.rpm |
rocky | 9 | aarch64 | python3-unbound-debuginfo | < 1.16.2-3.el9_3.5 | python3-unbound-debuginfo-0:1.16.2-3.el9_3.5.aarch64.rpm |
rocky | 9 | ppc64le | python3-unbound-debuginfo | < 1.16.2-3.el9_3.5 | python3-unbound-debuginfo-0:1.16.2-3.el9_3.5.ppc64le.rpm |
rocky | 9 | s390x | python3-unbound-debuginfo | < 1.16.2-3.el9_3.5 | python3-unbound-debuginfo-0:1.16.2-3.el9_3.5.s390x.rpm |
rocky | 9 | x86_64 | python3-unbound-debuginfo | < 1.16.2-3.el9_3.5 | python3-unbound-debuginfo-0:1.16.2-3.el9_3.5.x86_64.rpm |
rocky | 9 | aarch64 | unbound | < 1.16.2-3.el9_3.5 | unbound-0:1.16.2-3.el9_3.5.aarch64.rpm |
rocky | 9 | ppc64le | unbound | < 1.16.2-3.el9_3.5 | unbound-0:1.16.2-3.el9_3.5.ppc64le.rpm |