Hi, Unbound 1.16.2 is available: https://nlnetlabs.nl/downloads/unbound/unbound-1.16.2.tar.gz sha256 2e32f283820c24c51ca1dd8afecfdb747c7385a137abe865c99db4b257403581 pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.16.2.tar.gz.asc
This release fixes the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. They were reported by Xiang Li from the Network and Information Security Lab of Tsinghua University. Other than that there are some bug fixes, and an option to configure the max retransmit timeout, infra-cache-max-rtt. If left at default it does not make any change.Because it is a security fix point release, there is no RC1 release candidate.
Features - Merge #718: Introduce infra-cache-max-rtt option to config max retransmit timeout. Bug Fixes - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. - Merge PR #668 from Cristian RodrÃguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. - Fix verbose EDE error printout. - Fix dname count in sldns parse type descriptor for SVCB and HTTPS. - For windows crosscompile, fix setting the IPV6_MTU socket option equivalent (IPV6_USER_MTU); allows cross compiling with latest cross-compiler versions. - Merge PR 714: Avoid treat normal hosts as unresponsive servers. And fixup the lock code. - iana portlist update. - Update documentation for 'outbound-msg-retry:'. - Tests for ghost domain fixes. Best regards, Wouter
OpenPGP_0x9F6F1C2D7E045F8D.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
