Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2024.1991.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:1991-1)
Summary:	The remote host is missing an update for the 'unbound' package(s) announced via the SUSE-SU-2024:1991-1 advisory.
Description:	Summary: The remote host is missing an update for the 'unbound' package(s) announced via the SUSE-SU-2024:1991-1 advisory. Vulnerability Insight: * CVE-2023-50387: DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823] * CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU. [bsc#1219826] * CVE-2022-30698: Novel 'ghost domain names' attack by introducing subdomain delegations. [bsc#1202033] * CVE-2022-30699: Novel 'ghost domain names' attack by updating almost expired delegation information. [bsc#1202031] * CVE-2022-3204: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack). [bsc#1203643] Packaging Changes: * Use prefixes instead of sudo in unbound.service * Remove no longer necessary BuildRequires: libfstrm-devel and libprotobuf-c-devel Affected Software/OS: 'unbound' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-30698 https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/ https://security.gentoo.org/glsa/202212-02 https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2022-30699 Common Vulnerability Exposure (CVE) ID: CVE-2022-3204 https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/ Common Vulnerability Exposure (CVE) ID: CVE-2023-50387 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ https://access.redhat.com/security/cve/CVE-2023-50387 https://bugzilla.suse.com/show_bug.cgi?id=1219823 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 https://kb.isc.org/docs/cve-2023-50387 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 https://news.ycombinator.com/item?id=39367411 https://news.ycombinator.com/item?id=39372384 https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ https://www.athene-center.de/aktuelles/key-trap https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf https://www.isc.org/blogs/2024-bind-security-release/ https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html http://www.openwall.com/lists/oss-security/2024/02/16/2 http://www.openwall.com/lists/oss-security/2024/02/16/3 Common Vulnerability Exposure (CVE) ID: CVE-2023-50868 https://access.redhat.com/security/cve/CVE-2023-50868 https://bugzilla.suse.com/show_bug.cgi?id=1219826 https://datatracker.ietf.org/doc/html/rfc5155 https://kb.isc.org/docs/cve-2023-50868
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.