Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 43: Unbound Critical Update CVE-2025-11411 - DoS Threat

fedora
Calendar Grey November 29, 2025
Dist Fedora Esm H88
Critical update for Unbound in Fedora 43 addressing CVE-2025-11411 with key fixes and recommendations for users.
Update to 1.24.2 (rhbz#2417261) Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2 Do not always initialize QUIC library, even if not ...

Summary

Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet

Labs. It is based on ideas and algorithms taken from a java prototype

developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also

DNSSEC (secure DNS) validation and stub-resolvers (that do not run

as a server, but are linked into an application) are easily possible.

Update Information:

Update to 1.24.2 (rhbz#2417261) Additional fix for CVE-2025-11411

Do not always initialize QUIC library, even if not usage of QUIC is configured.

Topics%20covered

Topics Covered

security advisory fedora critical DoS unbound cve-2025-11411

Change Log

* Wed Nov 26 2025 Petr Men\u0161k - 1.24.2-1 - Update to 1.16.2 (rhbz#2417261) - Additional fix for CVE-2025-11411 * Tue Nov 25 2025 Petr Men\u0161k - 1.24.1-7 - Create root.key from dns-root-data * Tue Nov 25 2025 Petr Men\u0161k - 1.24.1-6 - Add dependency on dns-root-data package * Mon Nov 24 2025 Petr Men\u0161k - 1.24.1-5 - Do not initialize QUIC when not requested (rhbz#2416728) * Thu Nov 6 2025 Petr Men\u0161k - 1.24.1-4 - Do not build with QUIC support in RHEL

References


[ 1 ] Bug #2416728 - Unbound fails to start in FIPS mode on Fedora 43 due to unconditional QUIC (DoQ) crypto initialization (ngtcp2_crypto_ossl_init failure) https://bugzilla.redhat.com/show_bug.cgi?id=2416728 [ 2 ] Bug #2417261 - unbound-1.24.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2417261

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-90281e4554' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: unbound
Product: Fedora 43
Version: 1.24.2
Release: 1.fc43
URL: https://nlnetlabs.nl/projects/unbound/about/
Summary: Validating, recursive, and caching DNS(SEC) resolver

Topics%20covered

Topics Covered

security advisory fedora critical DoS unbound cve-2025-11411

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here