Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in...

Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

...

CVE-2026-41292

CVE-2026-41292 affects NLnet Labs Unbound up to 1.25.0. A vulnerability in parsing long lists of incoming EDNS options can cause a degradation of service/DoS as adversaries send queries with many EDNS options, tying up worker threads while parsing. The issue is mitigated in Unbound 1.25.1, which ...

PT-2026-42128

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions prior to 1.25.1 Description An issue exists related to the parsing of long lists of incoming EDNS Extension Mechanisms for DNS options. An adversary can send queries containing an excessive number of EDNS options,...

Fedora 43 : bind9-next (2026-b31c8d8e83)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b31c8d8e83 advisory. Update to 9.21.17 rhbz2415843 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 New Features: - Add support for Extende...

OPENSUSE-SU-2024:0319-1 Security update for coredns

This update for coredns fixes the following issues: Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forward plugin 6681 fix: plugin/file: return error when parsing the file fails 6699 fix:documentation...

CVE-2024-1931

A vulnerability was found in Unbound. The issue arises due to a flaw in the handling of Extended DNS Error EDE records when the 'ede: yes' option is enabled, a non-default configuration. Specifically, an unchecked condition in the code can trigger an infinite loop when attempting to trim the text...

dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232

A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

UBUNTU-CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

SUSE CVE-2006-2069

The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service application crash via malformed EDNS0 packets...

SUSE CVE-2014-3859

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a crafted packet, as demonstrated by an attack against named, dig, or delv...

SUSE CVE-2018-5744

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1, and versions 9.10.7-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 - 9.13.6 of th...

DEBIAN-CVE-2006-2069

The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service application crash via malformed EDNS0 packets...