
Fedora 43 addresses severe remote code execution vulnerabilities in Unbound

fedora
June 2, 2026
Critical Unbound updates for Fedora 43 address multiple issues, including remote code execution and a heap overflow.

Summary

Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible.

Update Information:

Update to 1.25.1 (rhbz#2480119)

- Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report.
- Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report.
- Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42...

Change Log

* Wed May 20 2026 Petr Menšík - 1.25.1-1
- Update to 1.25.1 (rhbz#2480119)
* Tue May 19 2026 Petr Menšík - 1.25.0-3
- Remove the key of Yorgos, one should be enough
* Tue May 19 2026 Petr Menšík - 1.25.0-2
- Replace Wouter's key with release-g2 key
* Tue May 19 2026 Petr Menšík - 1.25.0-1
- Update to 1.25.0 (rhbz#2463781)
* Mon Feb 9 2026 Petr Menšík - 1.24.2-3
- Change the default of tls-use-system-policy-versions at build-time
* Mon Feb 9 2026 Petr Menšík - 1.24.2-2
- Switch TLS configuration to follow TLS sockets by crypto-policy again

References


[1] Bug #2480119 - unbound-1.25.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2480119

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3223ded15e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
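
To confirm that resolvers actually carry the fixed build once the advisory has been applied, the following added example (not part of the Fedora advisory) compares an installed version-release against the 1.25.1-1.fc43 build named on this page. The host names and the "host version-release" inventory format are constructed, and `sort -V` is assumed to be an adequate approximation of RPM version ordering for builds sharing the same dist tag.

```shell
#!/bin/sh
# Added example: check unbound builds against the fixed build from this
# advisory (Version 1.25.1, Release 1.fc43).
FIXED_VR="1.25.1-1.fc43"

# Return 0 when version-release $1 is at or above FIXED_VR, 1 when older,
# 2 when no version was supplied.
# Assumption: sort -V approximates RPM ordering for same-dist-tag builds.
vr_is_fixed() {
    [ -n "$1" ] || return 2
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# Read "host version-release" lines on stdin and print the hosts that are
# still below the fixed build (or whose version is unknown).
hosts_needing_update() {
    while read -r host vr; do
        [ -n "$host" ] || continue
        if ! vr_is_fixed "$vr"; then
            printf '%s %s\n' "$host" "${vr:-unknown}"
        fi
    done
}

# Constructed inventory; the versions are builds listed in the change log.
# On real hosts each line would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' unbound
sample_inventory() {
    printf '%s\n' \
        "resolver-a 1.24.2-3.fc43" \
        "resolver-b 1.25.0-3.fc43" \
        "resolver-c 1.25.1-1.fc43"
}

# Local check, only when invoked as: script.sh --local
if [ "${1:-}" = "--local" ]; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' unbound) || exit 2
    if vr_is_fixed "$installed"; then
        echo "unbound $installed: at or above $FIXED_VR"
    else
        echo "unbound $installed: older than $FIXED_VR, apply the advisory"
        exit 1
    fi
fi
```

After the upgrade, restart the unbound service so the running resolver process uses the patched binary rather than the one it was started from.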

Severity
critical

Name: unbound
Product: Fedora 43
Version: 1.25.1
Release: 1.fc43
Summary: Validating, recursive, and caching DNS(SEC) resolver
