[Unbound-users] Release of unbound 1.3.4
wouter at NLnetLabs.nl
Wed Oct 7 15:15:39 UTC 2009
Unbound 1.3.4 has sha1 70aea0092ad0b0cd76e57adc6a5843d3fa0d2a07
and can be found at http://unbound.net/downloads/unbound-1.3.4.tar.gz
We have discovered a bug in NSEC3 validation handling code: Under
specific circumstances checks of signatures over NSEC3 records are not done.
As a result carefully crafted delegation responses (created through
exploiting general DNS vulnerabilities such as DNS packet spoofing) can
be used to downgrade an existing secure delegation to insecure.
Unbound version 1.3.4 addresses this problem. With respect to version
1.3.3 there are no other features added in the 1.3.4 release.
Unbound users who depend on DNSSEC validation are advised to upgrade.