[ubuntu/questing-security] unbound 1.22.0-2ubuntu2.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed May 20 12:03:38 UTC 2026
unbound (1.22.0-2ubuntu2.3) questing-security; urgency=medium

  * SECURITY UPDATE: Packet of death with DNSCrypt (feasibility very low)
    - debian/patches/CVE-2026-32792: validate len in dnscrypt/dnscrypt.c.
    - CVE-2026-32792
  * SECURITY UPDATE: Possible remote code execution during DNSSEC validation
    - debian/patches/CVE-2026-33278.patch: save rrsets alloc by gen_dns_msg
      in services/cache/dns.c, testdata/*, validator/val_nsec3.c.
    - CVE-2026-33278
  * SECURITY UPDATE: "Ghost domain name" variant
    - debian/patches/CVE-2026-40622.patch: never let an NS overwrite extend
      lifetime past the entry it replaces in services/cache/rrset.c.
    - CVE-2026-40622
  * SECURITY UPDATE: Parsing a long list of incoming EDNS options degrades
    performance
    - debian/patches/CVE-2026-41292.patch: limit parsed edns options in
      util/data/msgparse.c.
    - CVE-2026-41292
  * SECURITY UPDATE: Jostle logic bypass degrades resolution performance
    - debian/patches/CVE-2026-42534.patch: properly handle jostle aging in
      services/mesh.c, services/mesh.h.
    - CVE-2026-42534
  * SECURITY UPDATE: Degradation of service with unbounded NSEC3 hash
    calculations
    - debian/patches/CVE-2026-42923.patch: limit salt length in
      validator/val_neg.c, validator/val_nsec3.c, validator/val_nsec3.h.
    - CVE-2026-42923
  * SECURITY UPDATE: Heap overflow and crash with multiple nsid, cookie,
    padding EDNS options
    - debian/patches/CVE-2026-42944.patch: use proper data sizes in
      testcode/unitmain.c, util/data/msgencode.c, util/data/msgencode.h,
      util/data/msgparse.c.
    - CVE-2026-42944
  * SECURITY UPDATE: Crash during DNSSEC validation of malicious content
    - debian/patches/CVE-2026-42959.patch: fix calculations in
      validator/val_utils.c.
    - CVE-2026-42959
  * SECURITY UPDATE: Possible cache poisoning attack while following
    delegation
    - debian/patches/CVE-2026-42960.patch: only mark glue as allowed for
      type NS in the authority section in iterator/iter_scrub.c.
    - CVE-2026-42960
  * SECURITY UPDATE: Unbounded name compression in certain cases causes
    degradation of service
    - debian/patches/CVE-2026-44390.patch: fix counting in
      util/data/msgencode.c.
    - CVE-2026-44390
  * SECURITY UPDATE: Use after free and crash in RPZ code
    - debian/patches/CVE-2026-44608.patch: fix UaF in services/rpz.c.
    - CVE-2026-44608

Date: 2026-05-19 12:13:10.662849+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/unbound/1.22.0-2ubuntu2.3