Fedora alert FEDORA-2026-49f37e16aa (unbound)
From: updates--- via package-announce <package-announce@lists.fedoraproject.org>
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 44 Update: unbound-1.25.1-1.fc44
Date: Tue, 26 May 2026 00:56:59 +0000
Message-ID: <20260526005659.8CE5B6D721@bastion01.rdu3.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-49f37e16aa
2026-05-26 00:55:24.541616+00:00
--------------------------------------------------------------------------------

Name        : unbound
Product     : Fedora 44
Version     : 1.25.1
Release     : 1.fc44
URL         : https://nlnetlabs.nl/projects/unbound/
Summary     : Validating, recursive, and caching DNS(SEC) resolver
Description :
Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet Labs.
It is based on ideas and algorithms taken from a java prototype developed
by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.

--------------------------------------------------------------------------------
Update Information:

Update to 1.25.1 (rhbz#2480119)

Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report.
Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report.
Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report.

Swapped sources signature source number with systemd unit to have them close.

Update to 1.25.0 (rhbz#2463781)

Feature changes:
Improved TTL 0 handling
Reload also certificates on reload if they have changed
Allow control-interface specification also of port.
Added new tls-protocols option. Can disable TLS 1.2 explicitly.

And bug fixes.

Remove merged patches.

Source: https://nlnetlabs.nl/projects/unbound/download/#unbound-1...

--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Petr Menšík <pemensik@redhat.com> - 1.25.1-1
- Update to 1.25.1 (rhbz#2480119)
* Tue May 19 2026 Petr Menšík <pemensik@redhat.com> - 1.25.0-2
- Remove the key of Yorgos, one should be enough
* Mon May 18 2026 Petr Menšík <pemensik@redhat.com> - 1.25.0-1
- Update to 1.25.0 (rhbz#2463781)
* Mon May 18 2026 Petr Menšík <pemensik@redhat.com> - 1.24.2-12
- Simple support for openssl4
* Wed Mar 25 2026 Tomas Korbar <tkorbar@redhat.com> - 1.24.2-11
- Change unbound dracut module

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2463781 - unbound-1.25.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2463781
  [ 2 ] Bug #2480119 - unbound-1.25.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2480119

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-49f37e16aa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
