|
|
Log in / Subscribe / Register

Debian alert DSA-6071-1 (unbound)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6071-1] unbound security update


Date:
              Thu, 04 Dec 2025 20:33:14 +0000


Message-ID:
              <aTHwCiHcnlM9EueQ@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6071-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 04, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unbound
CVE ID         : CVE-2025-11411

It was discovered that incorrect handling of promiscuous NS RRSets in
Unbound, a validating, recursive, caching DNS resolver, could result in
cache poisoning.

For the stable distribution (trixie), this problem has been fixed in
version 1.22.0-2+deb13u1.

We recommend that you upgrade your unbound packages.

For the detailed security status of unbound please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkx7/AACgkQEMKTtsN8
TjY7CA//VnatBztWXPVbEozG6IgyJNqRDDgg8vh1UABAnq0UHkFgx1vknTmBSaqz
hES7glvQpFCsphXT6HSOTHYDrTVIJMhvPxUxUUpkeEYN8Q4vxxVmD2rQXkh9xOQR
BW0Gh/+UVuUUVBiB9mmECETb1lT4n7FUSvRpSKGwE/Nh7ClLMshZHTuxATpKj3ML
aRufmVeuTDi8C1WT7xjbs4t0/+JTPS1LYtVfNtIDDm8MfpB21EjY26mPmvfCCa0n
W1vl7BECuCh2cK4Tn991vUhbUwxzJ9gmAw+9L86yr+0IOtsGiUYExZclAmPx7H3f
RUeqms16w8f4QxR/KWj3iYvpKBfPFrAhycdq/G9linC3kw9Ap8dasAWDj8ph749I
1jOVTh2KE5fOjYCXiE1RlZGN6SHqymYELivCm190X8lTnii/VhKtlqzThyeF7++E
/a0ImMFIHH/0JXnasJeXs8jZCJm2ugl1VbokNVrE7B9+3zKEExp54dTzUsbyoRXP
qz+lAlI9CAuFeha59YlM6CNz98j0YS2x7qdsRzb32QXZWvCX5rbNyKG9TnWsHOfo
BgPDGKEMZdM8JLLLYUq0s+UboWf3vrEc5Go62TfTYexU5eFZ2IwRuwM4HTNFzGGO
XBUv0upGSg8l9HI3Q23oivm5/z9eafV20swjydP1Q3IWBx28/ug=
=IFUf
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds