Release date: 2026-06-03 09:07:07 UTC
Description:
- CVE-2026-42960: prevent cache poisoning via promiscuous additional-section
records by marking glue only for NS RRsets in the authority section
[ELSCVE-130594]
- CVE-2026-42944: fix heap overflow and crash with multiple NSID and PADDING
EDNS options by deduplicating options and adding bounds checks in
attach_edns_record_max_msg_sz [ELSCVE-130649]
- CVE-2026-41292: cap parsed EDNS options at MAX_PARSED_EDNS_OPTIONS (100)
to prevent DoS via long option lists [ELSCVE-130636]
- CVE-2026-42959: fix out-of-bounds write in val_fill_reply by indexing the
destination array with chase->ns_numrrsets instead of orig->ns_numrrsets
[ELSCVE-130615]
- CVE-2026-40622: prevent ghost-domain TTL extension by clamping newd->ttl
to cached->ttl in the higher-trust branch of need_to_update_rrset
[ELSCVE-129354]
Updated packages:
- python3-unbound-1.16.2-3.el9_2.tuxcare.els6.x86_64.rpm
sha:f5c47796c84a644e8eac168d9a135f9f4afa537c8471c3ce95b0398daf319240
- unbound-1.16.2-3.el9_2.tuxcare.els6.x86_64.rpm
sha:b309e70366a87d77566a3803a16f3d9698ce754f17dc75a23c3ecdbf44967966
- unbound-devel-1.16.2-3.el9_2.tuxcare.els6.i686.rpm
sha:4bbf3a2c560a442d5f0c087a1a3b1f41c582ea0f0d3aeeb7ff77f2ae7bdd0bb8
- unbound-devel-1.16.2-3.el9_2.tuxcare.els6.x86_64.rpm
sha:ebedd82bae3d3d8031afd2f3d2bf3a197dc37b12878e83e7ba0529d39418d69d
- unbound-libs-1.16.2-3.el9_2.tuxcare.els6.i686.rpm
sha:ea0df4ec54ed0fca045b30cc5d42b9b1771c18c72e0cf5fa83ebd1487f1e887d
- unbound-libs-1.16.2-3.el9_2.tuxcare.els6.x86_64.rpm
sha:0c518dbea284d2b252a1f74dfef4a86537667130a16b5b1822894a20b988df36
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections, please contact the CloudLinux Packaging Team.