Hi,

Unbound 1.3.4 has
sha1 70aea0092ad0b0cd76e57adc6a5843d3fa0d2a07
sha256 5a7f658b12c311f3c131d315b135956eeaa3bd7caa94b25b4777638ee7ce583f
and can be found at http://unbound.net/downloads/unbound-1.3.4.tar.gz

We have discovered a bug in NSEC3 validation handling code: Under specific circumstances checks of signatures over NSEC3 records are not done.
As a result, carefully crafted delegation responses (created through exploiting general DNS vulnerabilities such as DNS packet spoofing) can be used to downgrade an existing secure delegation to insecure.
Unbound version 1.3.4 addresses this problem. With respect to version 1.3.3 there are no other features added in the 1.3.4 release.
Unbound users who depend on DNSSEC validation are advised to upgrade.

Best regards,
Wouter
