
The following two security updates have been released for Debian GNU/Linux 9 Extended LTS:

ELA-1046-1 unbound1.9 security update
ELA-1045-1 phpseclib security update




ELA-1046-1 unbound1.9 security update

Package : unbound1.9
Version : 1.9.0-2+deb10u2~deb9u4 (stretch)

Related CVEs :
CVE-2023-50387
CVE-2023-50868

Two vulnerabilities were discovered in unbound, a validating, recursive,
caching DNS resolver. Specially crafted DNSSEC answers could lead unbound
down a very CPU-intensive and time-costly DNSSEC (CVE-2023-50387) or NSEC3
hash (CVE-2023-50868) validation path, resulting in denial of service.



ELA-1045-1 phpseclib security update

Package : phpseclib
Version : 1.0.19-1~deb9u2 (stretch)

Related CVEs :
CVE-2023-48795

phpseclib, a library for secure communication written in PHP, was
vulnerable to the so-called Terrapin attack. The SSH transport protocol,
with certain OpenSSH extensions, allows remote attackers to bypass
integrity checks such that some packets are omitted (from the extension
negotiation message), and a client and server may consequently end up
with a connection for which some security features have been downgraded
or disabled.
