UbuntuUpdates.org

Package "unbound"

Name: unbound

Description:

validating, recursive, caching DNS resolver
Latest version: 1.22.0-2ubuntu2.2
Release: questing (25.10)
Level: updates
Repository: universe
Homepage: https://www.unbound.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "unbound"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "unbound" in Questing

Repository Area Version
base main 1.22.0-2ubuntu2
base universe 1.22.0-2ubuntu2
security main 1.22.0-2ubuntu2.2
security universe 1.22.0-2ubuntu2.2
updates main 1.22.0-2ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.22.0-2ubuntu2.2 2025-12-02 19:08:43 UTC

  unbound (1.22.0-2ubuntu2.2) questing-security; urgency=medium

  * SECURITY REGRESSION: Incomplete fix for CVE-2025-11411.
    - debian/patches/CVE-2025-11411-fix1.patch: Add mitigations for YXDOMAIN in
      iterator/iter_scrub.c. Add tests in testdata/iter_scrub_promiscuous.rpl
      and testdata/ratelimit.tdir/ratelimit.testns.
    - CVE-2025-11411

 -- Hlib Korzhynskyy <email address hidden> Thu, 27 Nov 2025 17:51:39 -0330
Source diff to previous version
CVE-2025-11411 NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive

Version: 1.22.0-2ubuntu2.1 2025-11-04 22:07:13 UTC

  unbound (1.22.0-2ubuntu2.1) questing-security; urgency=medium

  * SECURITY UPDATE: promiscuous NS RRSets domain hijack issue
    - debian/patches/CVE-2025-11411.patch: fix possible domain hijacking
      attack and add new iter-scrub-promiscuous configuration option.
    - CVE-2025-11411

 -- Marc Deslauriers <email address hidden> Fri, 31 Oct 2025 08:47:51 -0400
CVE-2025-11411 NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive


About   -   Send Feedback to @ubuntu_updates