Package "unbound"
| Name: |
unbound
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- static library, header files, and docs for libunbound
- library implementing DNS resolution and validation
|
| Latest version: |
1.24.2-1ubuntu2.1 |
| Release: |
resolute (26.04) |
| Level: |
updates |
| Repository: |
main |
Links
Other versions of "unbound" in Resolute
Packages in group
Deleted packages are displayed in grey.
Changelog
|
unbound (1.24.2-1ubuntu2.1) resolute-security; urgency=medium
* SECURITY UPDATE: Packet of death with DNSCrypt (feasibility very low)
- debian/patches/CVE-2026-32792: validate len in dnscrypt/dnscrypt.c.
- CVE-2026-32792
* SECURITY UPDATE: Possible remote code execution during DNSSEC validation
- debian/patches/CVE-2026-33278.patch: save rrsets alloc by gen_dns_msg
in services/cache/dns.c, testdata/*, validator/val_nsec3.c.
- CVE-2026-33278
* SECURITY UPDATE: "Ghost domain name" variant
- debian/patches/CVE-2026-40622.patch: never let an NS overwrite extend
lifetime past the entry it replaces in services/cache/rrset.c.
- CVE-2026-40622
* SECURITY UPDATE: Parsing a long list of incoming EDNS options degrades
performance
- debian/patches/CVE-2026-41292.patch: limit parsed edns options in
util/data/msgparse.c.
- CVE-2026-41292
* SECURITY UPDATE: Jostle logic bypass degrades resolution performance
- debian/patches/CVE-2026-42534.patch: properly handle jostle aging in
services/mesh.c, services/mesh.h.
- CVE-2026-42534
* SECURITY UPDATE: Degradation of service with unbounded NSEC3 hash
calculations
- debian/patches/CVE-2026-42923.patch: limit salt length in
validator/val_neg.c, validator/val_nsec3.c, validator/val_nsec3.h.
- CVE-2026-42923
* SECURITY UPDATE: Heap overflow and crash with multiple nsid, cookie,
padding EDNS options
- debian/patches/CVE-2026-42944.patch: use proper data sizes in
testcode/unitmain.c, util/data/msgencode.c, util/data/msgencode.h,
util/data/msgparse.c.
- CVE-2026-42944
* SECURITY UPDATE: Crash during DNSSEC validation of malicious content
- debian/patches/CVE-2026-42959.patch: fix calculations in
validator/val_utils.c.
- CVE-2026-42959
* SECURITY UPDATE: Possible cache poisoning attack while following
delegation
- debian/patches/CVE-2026-42960.patch: only mark glue as allowed for
type NS in the authority section in iterator/iter_scrub.c.
- CVE-2026-42960
* SECURITY UPDATE: Unbounded name compression in certain cases causes
degradation of service
- debian/patches/CVE-2026-44390.patch: fix counting in
util/data/msgencode.c.
- CVE-2026-44390
* SECURITY UPDATE: Use after free and crash in RPZ code
- debian/patches/CVE-2026-44608.patch: fix UaF in services/rpz.c.
- CVE-2026-44608
-- Marc Deslauriers <email address hidden> Mon, 18 May 2026 18:32:13 -0400
|
| CVE-2026-32792 |
Packet of death with DNSCrypt (feasibility very low |
| CVE-2026-33278 |
Possible arbitrary code execution during DNSSEC validation |
| CVE-2026-40622 |
"Ghost domain name" variant |
| CVE-2026-41292 |
Parsing a long list of incoming EDNS options degrades performance |
| CVE-2026-42534 |
Jostle logic bypass degrades resolution performance |
| CVE-2026-42923 |
Degradation of service with unbounded NSEC3 hash calculations |
| CVE-2026-42944 |
Heap overflow and crash with multiple nsid, cookie, padding EDNS options |
| CVE-2026-42959 |
Crash during DNSSEC validation of malicious content |
| CVE-2026-42960 |
Possible cache poisoning attack while following delegation |
| CVE-2026-44390 |
Unbounded name compression in certain cases causes degradation of service |
| CVE-2026-44608 |
Use after free and crash in RPZ code (special requirements apply) |
|
About
-
Send Feedback to @ubuntu_updates
