Unbound 1.16.2 released
Wouter Wijngaards
wouter at nlnetlabs.nl
Mon Aug 1 12:11:00 UTC 2022
Hi,
Unbound 1.16.2 is available:
https://nlnetlabs.nl/downloads/unbound/unbound-1.16.2.tar.gz
sha256 2e32f283820c24c51ca1dd8afecfdb747c7385a137abe865c99db4b257403581
pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.16.2.tar.gz.asc
This release fixes the novel ghost domain issues CVE-2022-30698 and
CVE-2022-30699. They were reported by Xiang Li from the Network and
Information Security Lab of Tsinghua University.
Other than that there are some bug fixes, and an option to configure the
max retransmit timeout, infra-cache-max-rtt. If left at default it does
not make any change.
Because it is a security fix point release, there is no RC1 release
candidate.
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
Best regards, Wouter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x9F6F1C2D7E045F8D.asc
Type: application/pgp-keys
Size: 11763 bytes
Desc: OpenPGP public key
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20220801/3039eefa/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20220801/3039eefa/attachment-0001.bin>
More information about the Unbound-users
mailing list