Release date:
2026-05-29 15:36:02 UTC
Description:
- CVE-2026-41292: cap parsed incoming EDNS options at 100 to prevent
per-thread parse stalls under crafted long-option-list queries
- CVE-2026-42944: de-duplicate NSID/Padding EDNS options at parse time
to prevent heap overflow during EDNS encoding in attach_edns_record
- CVE-2026-44608: hold the auth-zone read lock across nsip/nsdname
trigger application in rpz_callback_from_iterator_module to avoid
use-after-free under concurrent RPZ XFR reload
Updated packages:
-
python3-unbound-1.16.2-19.el9_6.1.tuxcare.els5.x86_64.rpm
sha:2ad9c5cb085aaad09e6b833d59959708106555754efe325924712bd2e0c17c05
-
unbound-1.16.2-19.el9_6.1.tuxcare.els5.x86_64.rpm
sha:0361fab20d3d2a6800402c338fcaf2e4afae75f254b72be62721de907e3d5edc
-
unbound-devel-1.16.2-19.el9_6.1.tuxcare.els5.i686.rpm
sha:642f550fd4c638b24dc049fbe60fea1173b26c8b746455ec83fde123de423c18
-
unbound-devel-1.16.2-19.el9_6.1.tuxcare.els5.x86_64.rpm
sha:7cd27730623496ab3a3da25140a321cf01944ee7786e30f6b4dcff6e6dcbb73c
-
unbound-dracut-1.16.2-19.el9_6.1.tuxcare.els5.x86_64.rpm
sha:edbb3c819a7b54f04485aac74f94e3a3ca59b95c08161af762c82c3d01454595
-
unbound-libs-1.16.2-19.el9_6.1.tuxcare.els5.i686.rpm
sha:020a376e0ff255be75bf4caecb84e54e0c5c31241cf2005bb191a53a7a9ba840
-
unbound-libs-1.16.2-19.el9_6.1.tuxcare.els5.x86_64.rpm
sha:31ee488eecc6c21db6e995a3545cd59764f34b814085aca4616d91b70c2e4049
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
