Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 43: unbound 1.24.1 Critical Domain Hijacking Threat 2025-16df491a66

fedora
Calendar Grey November 1, 2025
Dist Fedora Esm H88
Update to unbound 1.24.1 on Fedora fixes a critical domain hijacking issue. Immediate action recommended.
Update to 1.24.1 Enables DNS over QUIC server in unbound Fix CVE-2025-11411, (possible domain hijacking attack), reported by Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan from...

Summary

Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet

Labs. It is based on ideas and algorithms taken from a java prototype

developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also

DNSSEC (secure DNS) validation and stub-resolvers (that do not run

as a server, but are linked into an application) are easily possible.

Update Information:

Update to 1.24.1 Enables DNS over QUIC server in unbound Fix CVE-2025-11411, (possible domain hijacking attack), reported by Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University.

Topics%20covered

Topics Covered

security advisory fedora critical DoS domain hijacking unbound

Change Log

* Fri Oct 24 2025 Petr Men\u0161k - 1.24.1-1 - Update to 1.24.1 (rhbz#2405698) * Fri Oct 10 2025 Petr Men\u0161k - 1.24.0-6 - Create root key if missing automatically * Sat Oct 4 2025 Jens Kuehnel - 1.24.0-5 - allow parameters from fedora-defaults to be overwritten (rhzb#2401608) * Fri Sep 19 2025 Python Maint - 1.24.0-4 - Rebuilt for Python 3.14.0rc3 bytecode * Fri Sep 19 2025 Petr Men\u0161k - 1.24.0-3 - Require only ngtcp ossl devel package and enable it * Thu Sep 18 2025 Petr Men\u0161k - 1.24.0-2 - Basic ngtcp2 support * Thu Sep 18 2025 Petr Men\u0161k - 1.24.0-1 - Update 1.24.0 (rhbz#2396332) * Fri Aug 29 2025 Petr Men\u0161k - 1.23.1-7 - Deprecate /etc/unbound/root.key * Fri Aug 29 2025 Petr Men\u0161k - 1.23.1-6 - Make even existing unbound_control.key readable by group * Fri Aug 29 2025 Petr Men\u0161k - 1.23.1-5 - Add new DNSSEC root anchor 38696 * Fri Aug 29 2025 Petr Men\u0161k - 1.23.1-4 - Make root.key maintained unmodified

References


[ 1 ] Bug #2396887 - unbound: Please rebuild in Fedora 43 https://bugzilla.redhat.com/show_bug.cgi?id=2396887 [ 2 ] Bug #2405698 - unbound-1.24.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2405698 [ 3 ] Bug #2407039 - unbound-1.24.1-1.fc43 failed to build https://bugzilla.redhat.com/show_bug.cgi?id=2407039

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-16df491a66' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: unbound
Product: Fedora 43
Version: 1.24.1
Release: 1.fc43
URL: https://nlnetlabs.nl/projects/unbound/about/
Summary: Validating, recursive, and caching DNS(SEC) resolver

Topics%20covered

Topics Covered

security advisory fedora critical DoS domain hijacking unbound

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here