Alerts This Week
Warning Icon 1 500
Alerts This Week
Warning Icon 1 500

Fedora 44 Unbound Important DNSSEC Issues Fix Advisory 2026-49f37e16aa

fedora
Calendar Grey May 26, 2026
Dist Fedora Esm H88
Fedora 44 updates unbound 1.25.1 addressing multiple critical issues related to DNSSEC validation and security.
Update to 1.25.1 (rhbz#2480119) Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation

Summary

Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet

Labs. It is based on ideas and algorithms taken from a java prototype

developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also

DNSSEC (secure DNS) validation and stub-resolvers (that do not run

as a server, but are linked into an application) are easily possible.

Update Information:

Update to 1.25.1 (rhbz#2480119) Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report. Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report. Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42...

Topics%20covered

Topics Covered

security advisory fedora remote execution important DNSSEC unbound

Change Log

* Wed May 20 2026 Petr Men\u0161k - 1.25.1-1 - Update to 1.25.1 (rhbz#2480119) * Tue May 19 2026 Petr Men\u0161k - 1.25.0-2 - Remove the key of Yorgos, one should be enough * Mon May 18 2026 Petr Men\u0161k - 1.25.0-1 - Update to 1.25.0 (rhbz#2463781) * Mon May 18 2026 Petr Men\u0161k - 1.24.2-12 - Simple support for openssl4 * Wed Mar 25 2026 Tomas Korbar - 1.24.2-11 - Change unbound dracut module

References


[ 1 ] Bug #2463781 - unbound-1.25.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2463781 [ 2 ] Bug #2480119 - unbound-1.25.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2480119

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-49f37e16aa' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: unbound
Product: Fedora 44
Version: 1.25.1
Release: 1.fc44
URL: https://nlnetlabs.nl/projects/unbound/
Summary: Validating, recursive, and caching DNS(SEC) resolver

Topics%20covered

Topics Covered

security advisory fedora remote execution important DNSSEC unbound

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here