Alerts This Week
Warning Icon 1 1,213
Alerts This Week
Warning Icon 1 1,213

openSUSE Unbound Important Fixes for Multiple Issues 2026-21083-1

opensuse
Calendar Grey June 30, 2026
Dist Opensuse Esm H88
This update for openSUSE addresses 11 important vulnerabilities in unbound with solutions and guidance for installation.
An update that solves 11 vulnerabilities and has 11 bug fixes can now be installed.

Description

This update for unbound fixes the following issues

- CVE-2026-32792: Packet of death with DNSCrypt (bsc#1265583).

- CVE-2026-33278: Possible remote code execution during DNSSEC validation (bsc#1265587).

- CVE-2026-40622: "Ghost domain name" variant (bsc#1265581).

- CVE-2026-41292: Parsing a long list of incoming EDNS options degrades performance (bsc#1265580).

- CVE-2026-42534: Jostle logic bypass degrades resolution performance (bsc#1265585).

- CVE-2026-42923: Degradation of service with unbounded NSEC3 hash calculations (bsc#1265589).

- CVE-2026-42944: Heap overflow and crash with multiple nsid, cookie, padding EDNS options (bsc#1265578).

- CVE-2026-42959: Crash during DNSSEC validation of malicious content (bsc#1265586).

- CVE-2026-42960: Possible cache poisoning attack while following delegation (bsc#1265588).

- CVE-2026-44390: Unbounded name compression in certain cases causes degradation of service (bsc#1265584).

- CVE-2026-44608: Use after free and crash in RPZ code...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service remote code execution important OpenSUSE unbound

Patch

Package List

- openSUSE Leap 16.0:

libunbound8-1.24.1-160000.2.1

python3-unbound-1.24.1-160000.2.1

unbound-1.24.1-160000.2.1

unbound-anchor-1.24.1-160000.2.1

unbound-devel-1.24.1-160000.2.1

unbound-munin-1.24.1-160000.2.1

References

* bsc#1265578

* bsc#1265580

* bsc#1265581

* bsc#1265582

* bsc#1265583

* bsc#1265584

* bsc#1265585

* bsc#1265586

* bsc#1265587

* bsc#1265588

* bsc#1265589

References:

* https://www.suse.com/security/cve/CVE-2026-32792.html

* https://www.suse.com/security/cve/CVE-2026-33278.html

* https://www.suse.com/security/cve/CVE-2026-40622.html

* https://www.suse.com/security/cve/CVE-2026-41292.html

* https://www.suse.com/security/cve/CVE-2026-42534.html

* https://www.suse.com/security/cve/CVE-2026-42923.html

* https://www.suse.com/security/cve/CVE-2026-42944.html

* https://www.suse.com/security/cve/CVE-2026-42959.html

* https://www.suse.com/security/cve/CVE-2026-42960.html

* https://www.suse.com/security/cve/CVE-2026-44390.html

* https://www.suse.com/security/cve/CVE-2026-44608.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21083-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory denial of service remote code execution important OpenSUSE unbound

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here