diff --git a/unbound.conf b/unbound.conf
index 977d39f..0f83196 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -989,6 +989,7 @@ remote-control:

 # Set to no and use an absolute path as control-interface to use
 # a unix local named pipe for unbound-control.
+ # For local sockets this option is ignored, and TLS is not used.
 # control-use-cert: yes

 # what interfaces are listened to for remote control.
@@ -997,14 +998,11 @@ remote-control:
 # are not used for that, so key and cert files need not be present.
 # control-interface: 127.0.0.1
 # control-interface: ::1
+ control-interface: "/run/unbound/control"

 # port number for remote control operations.
 # control-port: 8953

- # for localhost, you can disable use of TLS by setting this to "no"
- # For local sockets this option is ignored, and TLS is not used.
- control-use-cert: "no"
-
 # Unbound server key file.
 server-key-file: "/etc/unbound/unbound_server.key"

diff --git a/unbound.spec b/unbound.spec
index fddb810..9541e35 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -30,7 +30,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.16.2
-Release: 6%{?extra_version:.%{extra_version}}%{?dist}
+Release: 7%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://nlnetlabs.nl/projects/unbound/
 Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@@ -451,6 +451,9 @@ popd
 %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key

 %changelog
+* Wed Feb 28 2024 Petr Menšík - 1.16.2-7
+- Ensure only unbound group can change configuration (CVE-2024-1488)
+
 * Fri Feb 16 2024 Tomas Korbar - 1.16.2-6
 - Fix KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387
 - Fix Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868
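Review bot: In the second unbound.conf hunk, the new `control-interface: "/run/unbound/control"` line is added without a comment saying that access to remote control now depends only on the ownership and mode of that socket and of `/run/unbound`; nothing in this diff shows where those are set, so that should be confirmed in the unit/tmpfiles packaging. I would add above it `# local socket: access is limited by file permissions (unbound group); control-port and TLS are not used`. Since the fix lives in the config file, a host that keeps a locally modified unbound.conf across the upgrade would presumably keep `control-use-cert: "no"` on the loopback listener, so an upgrade note or a check for that combination seems worthwhile. The remote-control section starts and ends outside the hunk.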