ALSA-2026:23231

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:23231
Related
  • CVE-2026-33278
  • CVE-2026-42944
  • CVE-2026-42959
Published
2026-06-04T00:00:00Z
Modified
2026-06-04T12:44:18.671202110Z
Summary
Important: unbound security update
Details

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Security Fix(es):

  • unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options (CVE-2026-42944)
  • unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in Chase-Reply Messages (CVE-2026-42959)
  • unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution (CVE-2026-33278)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:10
python3-unbound

Package

Name
python3-unbound
Purl
pkg:rpm/almalinux/python3-unbound

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.2-7.el10_2.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json"
unbound

Package

Name
unbound
Purl
pkg:rpm/almalinux/unbound

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.2-7.el10_2.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json"
unbound-anchor

Package

Name
unbound-anchor
Purl
pkg:rpm/almalinux/unbound-anchor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.2-7.el10_2.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json"
unbound-devel

Package

Name
unbound-devel
Purl
pkg:rpm/almalinux/unbound-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.2-7.el10_2.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json"
unbound-dracut

Package

Name
unbound-dracut
Purl
pkg:rpm/almalinux/unbound-dracut

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.2-7.el10_2.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json"
unbound-libs

Package

Name
unbound-libs
Purl
pkg:rpm/almalinux/unbound-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.2-7.el10_2.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json"
unbound-utils

Package

Name
unbound-utils
Purl
pkg:rpm/almalinux/unbound-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.2-7.el10_2.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:23231.json"