This release consolidates security fixes for issues reported over
a period of time. There are fixes for CVE-2026-33278,
CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622,
CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960,
CVE-2026-44390 and CVE-2026-44608.
Bug Fixes
Fix CVE-2026-33278, Possible remote code execution during DNSSEC
validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid,
cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto
Networks, for the report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious
content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew
Griffiths from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan
Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-41292, Parsing a long list of incoming EDNS options
degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan
Zhang from Palo Alto Networks, for the report.
Fix CVE-2026-42534, Jostle logic bypass degrades resolution
performance. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.
Fix CVE-2026-42923, Degradation of service with unbounded NSEC3
hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for
the report.
Fix CVE-2026-42960, Possible cache poisoning attack while following
delegation. Thanks to TaoFei Guo from Peking University, Yang Luo
and JianJun Chen, Tsinghua University, for the report.
Fix CVE-2026-44390, Unbounded name compression in certain cases
causes degradation of service. Thanks to Qifan Zhang, Palo Alto
Networks, for the report.
Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
include Config
-VER = 1.25.0
+VER = 1.25.1
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4c22e198c2257c251505f6845c42e67481edce2c5e8dc0c475584ef6b8e85907c322f32bd7ecfcb06243ba36fb3d91c63d8c1edd67dca66d374c6a242206e548
+$(DL_FILE)_BLAKE2 = 925d964cfaa76211b5d71ab7d16318327417e7e85791ef3b7b442b0b417e1e29fb925b7a1f3427105cc9114b5b8c093ecc9a9aa5c3457620f622a24ed3674de3
install : $(TARGET)
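Review bot: The replaced `$(DL_FILE)_BLAKE2` value is the only integrity check visible here for the 1.25.1 tarball fetched from `$(DL_FROM)`, and the commit message does not say how the new digest was obtained. Since this update carries the fixes for a possible remote code execution and a possible cache poisoning issue, please add a line to the message stating that the digest was computed over a tarball verified against the upstream release signature or published checksum, so the pinned value can be reproduced independently. The `VER` bump and the digest change are consistent with each other (`THISAPP` and `DL_FILE` derive from `VER`), so no other change is needed in these lines.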