UbuntuUpdates.org

Package "libunbound-dev"

Name: libunbound-dev

Description: static library, header files, and docs for libunbound

Latest version: 1.13.1-1ubuntu5.15
Release: jammy (22.04)
Level: security
Repository: main
Head package: unbound
Homepage: https://www.unbound.net/


Other versions of "libunbound-dev" in Jammy

Repository  Area  Version
base        main  1.13.1-1ubuntu5
updates     main  1.13.1-1ubuntu5.15

Changelog

Version: 1.13.1-1ubuntu5.15 2026-05-20 13:07:34 UTC

  unbound (1.13.1-1ubuntu5.15) jammy-security; urgency=medium

  * SECURITY UPDATE: Packet of death with DNSCrypt (feasibility very low)
    - debian/patches/CVE-2026-32792.patch: validate len in
      dnscrypt/dnscrypt.c.
    - CVE-2026-32792
  * SECURITY UPDATE: Parsing a long list of incoming EDNS options degrades
    performance
    - debian/patches/CVE-2026-41292.patch: limit parsed edns options in
      util/data/msgparse.c.
    - CVE-2026-41292
  * SECURITY UPDATE: Jostle logic bypass degrades resolution performance
    - debian/patches/CVE-2026-42534.patch: properly handle jostle aging in
      services/mesh.c, services/mesh.h.
    - CVE-2026-42534
  * SECURITY UPDATE: Degradation of service with unbounded NSEC3 hash
    calculations
    - debian/patches/CVE-2026-42923.patch: limit salt length in
      validator/val_neg.c, validator/val_nsec3.c, validator/val_nsec3.h.
    - CVE-2026-42923
  * SECURITY UPDATE: Crash during DNSSEC validation of malicious content
    - debian/patches/CVE-2026-42959.patch: fix calculations in
      validator/val_utils.c.
    - CVE-2026-42959
  * SECURITY UPDATE: Possible cache poisoning attack while following
    delegation
    - debian/patches/CVE-2026-42960.patch: only mark glue as allowed for
      type NS in the authority section in iterator/iter_scrub.c.
    - CVE-2026-42960
  * SECURITY UPDATE: Unbounded name compression in certain cases causes
    degradation of service
    - debian/patches/CVE-2026-44390.patch: fix counting in
      util/data/msgencode.c.
    - CVE-2026-44390

 -- Marc Deslauriers <email address hidden> Tue, 19 May 2026 08:30:28 -0400

CVE-2026-32792 Packet of death with DNSCrypt (feasibility very low)
CVE-2026-41292 Parsing a long list of incoming EDNS options degrades performance
CVE-2026-42534 Jostle logic bypass degrades resolution performance
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
CVE-2026-42959 Crash during DNSSEC validation of malicious content
CVE-2026-42960 Possible cache poisoning attack while following delegation
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service

Version: 1.13.1-1ubuntu5.14 2025-12-02 17:08:55 UTC

  unbound (1.13.1-1ubuntu5.14) jammy-security; urgency=medium

  * SECURITY REGRESSION: Incomplete fix for CVE-2025-11411.
    - debian/patches/CVE-2025-11411-fix1.patch: Add mitigations for YXDOMAIN in
      iterator/iter_scrub.c. Add tests in testdata/iter_scrub_promiscuous.rpl
      and testdata/ratelimit.tdir/ratelimit.testns.
    - CVE-2025-11411

 -- Hlib Korzhynskyy <email address hidden> Mon, 01 Dec 2025 15:12:17 -0330

CVE-2025-11411 NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive

Version: 1.13.1-1ubuntu5.13 2025-11-04 19:07:06 UTC

  unbound (1.13.1-1ubuntu5.13) jammy-security; urgency=medium

  * SECURITY UPDATE: promiscuous NS RRSets domain hijack issue
    - debian/patches/CVE-2025-11411.patch: fix possible domain hijacking
      attack and add new iter-scrub-promiscuous configuration option.
    - CVE-2025-11411

 -- Marc Deslauriers <email address hidden> Fri, 31 Oct 2025 09:39:13 -0400

CVE-2025-11411 NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive

Version: 1.13.1-1ubuntu5.11 2025-07-24 19:09:39 UTC

  unbound (1.13.1-1ubuntu5.11) jammy-security; urgency=medium

  * SECURITY UPDATE: Rebirthday Attack cache poisoning issue
    - debian/patches/CVE-2025-5994.patch: Fix issue in
      edns-subnet/subnetmod.c, edns-subnet/subnetmod.h.
    - CVE-2025-5994

 -- Marc Deslauriers <email address hidden> Fri, 18 Jul 2025 13:40:33 -0400

CVE-2025-5994 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS)

Version: 1.13.1-1ubuntu5.8 2024-10-22 11:07:00 UTC

  unbound (1.13.1-1ubuntu5.8) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service via large RRsets compression
    - debian/patches/CVE-2024-8508.patch: limit name compression
      calculations per packet to avoid CPU lockup in util/data/msgencode.c
    - CVE-2024-8508

 -- Vyom Yadav <email address hidden> Thu, 17 Oct 2024 11:28:18 +0530

CVE-2024-8508 NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform


