Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Ubuntu 22.04 LTS: Critical Cache Poisoning Issue in Unbound USN-7666-1

Calendar Jul 22, 2025 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory DoS Ubuntu important cache poisoning unbound
The Unbound cache could be poisoned if it received specially crafted network traffic. 
==========================================================================
Ubuntu Security Notice USN-7666-1
July 22, 2025

unbound vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

The Unbound cache could be poisoned if it received specially crafted
network traffic.

Software Description:
- unbound: validating, recursive, caching DNS resolver

Details:

Xiang Li discovered that Unbound incorrectly handled EDNS Client Subnet
(ECS) in certain configurations. A remote attacker could possibly use this
issue to perform a cache poisoning attack called Rebirthday Attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libunbound8                     1.22.0-1ubuntu1.1
  unbound                         1.22.0-1ubuntu1.1

Ubuntu 24.04 LTS
  libunbound8                     1.19.2-1ubuntu3.5
  unbound                         1.19.2-1ubuntu3.5

Ubuntu 22.04 LTS
  libunbound8                     1.13.1-1ubuntu5.11
  unbound                         1.13.1-1ubuntu5.11

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7666-1
  CVE-2025-5994

Package Information:
  https://launchpad.net/ubuntu/+source/unbound/1.22.0-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/unbound/1.19.2-1ubuntu3.5
  https://launchpad.net/ubuntu/+source/unbound/1.13.1-1ubuntu5.11

Ubuntu 22.04 LTS: Critical Cache Poisoning Issue in Unbound USN-7666-1

ubuntu
Calendar Grey July 22, 2025
Dist Ubuntu Esm H88
The security flaw in Unbound's caching mechanism may be compromised through specially designed network packets. Prompt patching advised.
The Unbound cache could be poisoned if it received specially crafted network traffic.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: The Unbound cache could be poisoned if it received specially crafted network traffic. Software Description: - unbound: validating, recursive, caching DNS resolver Details: Xiang Li discovered that Unbound incorrectly handled EDNS Client Subnet (ECS) in certain configurations. A remote attacker could possibly use this issue to perform a cache poisoning attack called Rebirthday Attack.

Topics%20covered

Topics Covered

security advisory DoS Ubuntu important cache poisoning unbound

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libunbound8 1.22.0-1ubuntu1.1 unbound 1.22.0-1ubuntu1.1 Ubuntu 24.04 LTS libunbound8 1.19.2-1ubuntu3.5 unbound 1.19.2-1ubuntu3.5 Ubuntu 22.04 LTS libunbound8 1.13.1-1ubuntu5.11 unbound 1.13.1-1ubuntu5.11 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7666-1

CVE-2025-5994

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7666-1

Topics%20covered

Topics Covered

security advisory DoS Ubuntu important cache poisoning unbound

Package Information

https://launchpad.net/ubuntu/+source/unbound/1.22.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/unbound/1.19.2-1ubuntu3.5 https://launchpad.net/ubuntu/+source/unbound/1.13.1-1ubuntu5.11

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here