BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD Errata: February 8th, 2018 (unbound)

Errata patches for unbound have been released for OpenBSD 6.2.

A flaw was found in the way unbound validated wildcard-synthesized
NSEC records. An improperly validated wildcard NSEC record could be
used to prove the non-existence (NXDOMAIN answer) of an existing
wildcard record, or trick unbound into accepting a NODATA proof.

For details, see https://unbound.net/downloads/CVE-2017-15105.txt

Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:

  https://www.openbsd.org/errata62.html

After patching, restart the unbound service.