USN-8282-2: Unbound vulnerabilities
摘要
Several security issues were fixed in Unbound.
正文
USN-8282-1 fixed vulnerabilities in Unbound. This update provides the corresponding updates for CVE-2026-41292 in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS and CVE-2026-42959, CVE-2026-42960 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Andrew Griffiths discovered that Unbound did not properly handle certain DNSCrypt packets. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. (CVE-2026-32792) Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation in certain situations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-33278) Qifan Zhang discovered that Unbound incorrectly handled certain ghost domain name records. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-40622) Qifan Zhang discovered that Unbound did not properly limit processing of long EDNS option lists. A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-41292) Qifan Zhang discovered that Unbound incorrectly handled jostle logic under certain circumstances. A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-42534) Qifan Zhang discovered that Unbound did not properly bound NSEC3 hash calculations. A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-42923) Qifan Zhang discovered that Unbound incorrectly handled multiple EDNS options in certain situations. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-42944) Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation of malicious content. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. (CVE-2026-42959) TaoFei Guo, Yang Luo, and JianJun Chen discovered that Unbound incorrectly handled delegation processing in certain situations. A remote attacker could possibly use this issue to poison the DNS cache and obtain sensitive information. (CVE-2026-42960) Qifan Zhang discovered that Unbound did not properly bound name compression in certain cases. A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-44390) Qifan Zhang discovered that Unbound had a use-after-free issue in RPZ handling. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-44608)
标签
- release:bionic
- release:focal
- release:trusty
- release:xenial
- USN
扩展字段
{
"cve_ids": [
"CVE-2026-42959",
"CVE-2026-41292",
"CVE-2026-42960"
],
"guid": "https://ubuntu.com/security/notices/USN-8282-2",
"instructions": "In general, a standard system update will make all the necessary changes.",
"raw_pub_date": "Tue, 02 Jun 2026 18:26:07 +0000",
"release_packages": {
"bionic": [
{
"description": "validating, recursive, caching DNS resolver",
"is_source": true,
"name": "unbound",
"version": "1.6.7-1ubuntu2.6+esm4"
},
{
"is_source": false,
"is_visible": false,
"name": "libunbound-dev",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.6.7-1ubuntu2.6+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libunbound2",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.6.7-1ubuntu2.6+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "python-unbound",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.6.7-1ubuntu2.6+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "python3-unbound",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.6.7-1ubuntu2.6+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "unbound",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.6.7-1ubuntu2.6+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-anchor",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.6.7-1ubuntu2.6+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-host",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.6.7-1ubuntu2.6+esm4",
"version_link": null
}
],
"focal": [
{
"description": "validating, recursive, caching DNS resolver",
"is_source": true,
"name": "unbound",
"version": "1.9.4-2ubuntu1.11+esm1"
},
{
"is_source": false,
"is_visible": false,
"name": "libunbound-dev",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.9.4-2ubuntu1.11+esm1",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libunbound8",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.9.4-2ubuntu1.11+esm1",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "python-unbound",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.9.4-2ubuntu1.11+esm1",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "python3-unbound",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.9.4-2ubuntu1.11+esm1",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "unbound",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.9.4-2ubuntu1.11+esm1",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-anchor",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.9.4-2ubuntu1.11+esm1",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-host",
"pocket": "esm-infra",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.9.4-2ubuntu1.11+esm1",
"version_link": null
}
],
"trusty": [
{
"description": "validating, recursive, caching DNS resolver",
"is_source": true,
"name": "unbound",
"version": "1.4.22-1ubuntu4.14.04.3+esm3"
},
{
"is_source": false,
"is_visible": false,
"name": "libunbound-dev",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.4.22-1ubuntu4.14.04.3+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libunbound2",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.4.22-1ubuntu4.14.04.3+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "python-unbound",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.4.22-1ubuntu4.14.04.3+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "unbound",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.4.22-1ubuntu4.14.04.3+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-anchor",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.4.22-1ubuntu4.14.04.3+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-host",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.4.22-1ubuntu4.14.04.3+esm3",
"version_link": null
}
],
"xenial": [
{
"description": "validating, recursive, caching DNS resolver",
"is_source": true,
"name": "unbound",
"version": "1.5.8-1ubuntu1.1+esm3"
},
{
"is_source": false,
"is_visible": false,
"name": "libunbound-dev",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.5.8-1ubuntu1.1+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "libunbound2",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.5.8-1ubuntu1.1+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "python-unbound",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.5.8-1ubuntu1.1+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": true,
"name": "unbound",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.5.8-1ubuntu1.1+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-anchor",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.5.8-1ubuntu1.1+esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "unbound-host",
"pocket": "esm-infra-legacy",
"source_link": "https://launchpad.net/ubuntu/+source/unbound",
"version": "1.5.8-1ubuntu1.1+esm3",
"version_link": null
}
]
},
"releases": [
{
"codename": "focal",
"support_tag": "ESM",
"version": "20.04"
},
{
"codename": "bionic",
"support_tag": "ESM",
"version": "18.04"
},
{
"codename": "xenial",
"support_tag": "ESM",
"version": "16.04"
},
{
"codename": "trusty",
"support_tag": "ESM",
"version": "14.04"
}
]
}