RLSA-2026:24365 Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in...

MiracleLinux 8 : unbound-1.16.2-5.11.el8_10 (AXSA:2026-768:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-768:04 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service...

RHEL 8 : unbound (RHSA-2026:24365)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24365 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash...

ROOT-OS-DEBIAN-12-CVE-2026-42944 CVE-2026-42944 in rootio-unbound - Patched by Root

Root has patched CVE-2026-42944 in the rootio-unbound package for Root:Debian:12. Multiple fixed versions available...

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Fedora 43 : unbound (2026-3223ded15e)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3223ded15e advisory. Update to 1.25.1 rhbz2480119 - Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Network...

CVE-2026-42944 affecting package unbound for versions less than 1.25.1-1

CVE-2026-42944 affecting package unbound for versions less than 1.25.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-42944

creationtimestamp| type| source ---|---|--- 2026-05-20 10:36:24+00:00| seen| https://social.nlnetlabs.nl/users/nlnetlabs/statuses/116606458492280712 2026-05-20 10:38:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmbpmk25mm2e...

CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...