Multiple critical vulnerabilities in Unbound, a DNS resolver, could lead to denial of service, cache poisoning, or arbitrary code execution. The most severe is CVE-2026-33278 with a CVSS score of 9.8 (Critical). Affected versions include NLnetLabs Unbound 1.19.1 through 1.25.0, and the fixed version is 1.25.1.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6304-1] unbound security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6304-1] unbound security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 27 May 2026 21:03:06 +0000 Message-id: <[🔎] ahdcChTHFlFmFBaF@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6304-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : unbound CVE ID : CVE-2026-33278 CVE-2026-42944 CVE-2026-42959 CVE-2026-32792 CVE-2026-40622 CVE-2026-41292 CVE-2026-42534 CVE-2026-42923 CVE-2026-42960 CVE-2026-44390 CVE-2026-44608 Multiple security vulnerabilities were discovered in Unbound, a validating, recursive, caching DNS resolver, which could result in denial of service, cache poisoning or potentially the execution of arbitrary code. For the stable distribution (trixie), this problem has been fixed in version 1.22.0-2+deb13u3. We recommend that you upgrade your unbound packages. For the detailed security status of unbound please refer to its security tracker page at: https://security-tracker.debian.org/tracker/unbound Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoXW0MACgkQEMKTtsN8 Tjbu/A//VRLBzfM/m9euLxIxGYWNlIOjoA9lxLa13MXhXuGJorfWAfwbx2mkEPrc 9GVo51e/73ydLY9GumRS6F+syyUEjMk312KW/wGp2gtCTzeI907w/bh4nuzt/43R XQnLCpNQYcxDjUgT5JYgolSOGZwfC6V+zlXVbvw9h9uERpD3o0r64MUk6J7LcPTZ /QeUAqdqczA1oSRqwNS2kDpIg8TUlMFciPPZ9WhhNJ/IbxDfgsh+4G9y8e3L8gFN fkuWCnhaolDVo/UEsN1kAFblzDHlaThuCLE+vM1q/birjW83/PEzxvUfMpcfyrPY wpAeptGuEw6cb3CHIG/oXSHS31ZT4ONc+oBUKHTqwzvkN4CRZQTYkbOVh9hSDlQc 8OvBkeCn651h9quW2e8W5aBqfaquY5ozAKK80viL99wdCzPQeCIvJlafpb5zy6S+ zU7sqmr0rYKqcbsiKcl4sS8gzidUfVQ0TFAMZtgAmTCNAcePsNosxYNbe+Sf9fke T/TdgwLiLKanmy4MMDof1Hz+EhfwK16zl3jvsGRETkRX39GO5Hiblg/wkOgGZC6m RgcX7WS3epWu3/PC7M5kBhl+ocK2rMAX8e9Eacp760jZKVxYkKCbYdsRobxoBAOe IX/SrH6N14x5383HLRZT9m+dU3gpv+LmL+RPDCLSKOCn7FVoe3w= =qbGa -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6303-1] varnish security update Previous by thread: [SECURITY] [DSA 6303-1] varnish security update Index(es): Date Thread