Package "libunbound-dev"
| Name: |
libunbound-dev
|
Description: |
static library, header files, and docs for libunbound
|
| Latest version: |
1.19.2-1ubuntu3.8 |
| Release: |
noble (24.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
unbound |
| Homepage: |
https://www.unbound.net/ |
Links
Download "libunbound-dev"
Other versions of "libunbound-dev" in Noble
Changelog
|
unbound (1.19.2-1ubuntu3.8) noble-security; urgency=medium
* SECURITY UPDATE: Packet of death with DNSCrypt (feasibility very low)
- debian/patches/CVE-2026-32792: validate len in dnscrypt/dnscrypt.c.
- CVE-2026-32792
* SECURITY UPDATE: Possible remote code execution during DNSSEC validation
- debian/patches/CVE-2026-33278.patch: save rrsets alloc by gen_dns_msg
in services/cache/dns.c, testdata/*, validator/val_nsec3.c.
- CVE-2026-33278
* SECURITY UPDATE: "Ghost domain name" variant
- debian/patches/CVE-2026-40622.patch: never let an NS overwrite extend
lifetime past the entry it replaces in services/cache/rrset.c.
- CVE-2026-40622
* SECURITY UPDATE: Parsing a long list of incoming EDNS options degrades
performance
- debian/patches/CVE-2026-41292.patch: limit parsed edns options in
util/data/msgparse.c.
- CVE-2026-41292
* SECURITY UPDATE: Jostle logic bypass degrades resolution performance
- debian/patches/CVE-2026-42534.patch: properly handle jostle aging in
services/mesh.c, services/mesh.h.
- CVE-2026-42534
* SECURITY UPDATE: Degradation of service with unbounded NSEC3 hash
calculations
- debian/patches/CVE-2026-42923.patch: limit salt length in
validator/val_neg.c, validator/val_nsec3.c, validator/val_nsec3.h.
- CVE-2026-42923
* SECURITY UPDATE: Heap overflow and crash with multiple nsid, cookie,
padding EDNS options
- debian/patches/CVE-2026-42944.patch: use proper data sizes in
testcode/unitmain.c, util/data/msgencode.c, util/data/msgencode.h,
util/data/msgparse.c.
- CVE-2026-42944
* SECURITY UPDATE: Crash during DNSSEC validation of malicious content
- debian/patches/CVE-2026-42959.patch: fix calculations in
validator/val_utils.c.
- CVE-2026-42959
* SECURITY UPDATE: Possible cache poisoning attack while following
delegation
- debian/patches/CVE-2026-42960.patch: only mark glue as allowed for
type NS in the authority section in iterator/iter_scrub.c.
- CVE-2026-42960
* SECURITY UPDATE: Unbounded name compression in certain cases causes
degradation of service
- debian/patches/CVE-2026-44390.patch: fix counting in
util/data/msgencode.c.
- CVE-2026-44390
* SECURITY UPDATE: Use after free and crash in RPZ code
- debian/patches/CVE-2026-44608.patch: fix UaF in services/rpz.c.
- CVE-2026-44608
-- Marc Deslauriers <email address hidden> Mon, 18 May 2026 19:42:21 -0400
|
| Source diff to previous version |
| CVE-2026-32792 |
Packet of death with DNSCrypt (feasibility very low |
| CVE-2026-33278 |
Possible arbitrary code execution during DNSSEC validation |
| CVE-2026-40622 |
"Ghost domain name" variant |
| CVE-2026-41292 |
Parsing a long list of incoming EDNS options degrades performance |
| CVE-2026-42534 |
Jostle logic bypass degrades resolution performance |
| CVE-2026-42923 |
Degradation of service with unbounded NSEC3 hash calculations |
| CVE-2026-42944 |
Heap overflow and crash with multiple nsid, cookie, padding EDNS options |
| CVE-2026-42959 |
Crash during DNSSEC validation of malicious content |
| CVE-2026-42960 |
Possible cache poisoning attack while following delegation |
| CVE-2026-44390 |
Unbounded name compression in certain cases causes degradation of service |
| CVE-2026-44608 |
Use after free and crash in RPZ code (special requirements apply) |
|
|
unbound (1.19.2-1ubuntu3.7) noble-security; urgency=medium
* SECURITY REGRESSION: Incomplete fix for CVE-2025-11411.
- debian/patches/CVE-2025-11411-fix1.patch: Add mitigations for YXDOMAIN in
iterator/iter_scrub.c. Add tests in testdata/iter_scrub_promiscuous.rpl
and testdata/ratelimit.tdir/ratelimit.testns.
- CVE-2025-11411
-- Hlib Korzhynskyy <email address hidden> Mon, 01 Dec 2025 14:03:30 -0330
|
| Source diff to previous version |
| CVE-2025-11411 |
NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive |
|
|
unbound (1.19.2-1ubuntu3.6) noble-security; urgency=medium
* SECURITY UPDATE: promiscuous NS RRSets domain hijack issue
- debian/patches/CVE-2025-11411.patch: fix possible domain hijacking
attack and add new iter-scrub-promiscuous configuration option.
- CVE-2025-11411
-- Marc Deslauriers <email address hidden> Fri, 31 Oct 2025 09:21:18 -0400
|
| Source diff to previous version |
| CVE-2025-11411 |
NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive |
|
|
unbound (1.19.2-1ubuntu3.5) noble-security; urgency=medium
* SECURITY UPDATE: Rebirthday Attack cache poisoning issue
- debian/patches/CVE-2025-5994.patch: Fix issue in
edns-subnet/subnetmod.c, edns-subnet/subnetmod.h.
- CVE-2025-5994
-- Marc Deslauriers <email address hidden> Fri, 18 Jul 2025 13:32:04 -0400
|
| Source diff to previous version |
| CVE-2025-5994 |
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS) |
|
|
unbound (1.19.2-1ubuntu3.3) noble-security; urgency=medium
* SECURITY UPDATE: denial of service via large RRsets compression
- debian/patches/CVE-2024-8508.patch: limit name compression
calculations per packet to avoid CPU lockup in util/data/msgencode.c
- CVE-2024-8508
-- Vyom Yadav <email address hidden> Thu, 17 Oct 2024 11:23:42 +0530
|
| CVE-2024-8508 |
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform |
|
About
-
Send Feedback to @ubuntu_updates
