[SECURITY] [DSA 6071-1] unbound security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6071-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 04, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : unbound
CVE ID : CVE-2025-11411
It was discovered that incorrect handling of promiscuous NS RRSets in
Unbound, a validating, recursive, caching DNS resolver, could result in
cache poisoning.
For the stable distribution (trixie), this problem has been fixed in
version 1.22.0-2+deb13u1.
We recommend that you upgrade your unbound packages.
For the detailed security status of unbound please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkx7/AACgkQEMKTtsN8
TjY7CA//VnatBztWXPVbEozG6IgyJNqRDDgg8vh1UABAnq0UHkFgx1vknTmBSaqz
hES7glvQpFCsphXT6HSOTHYDrTVIJMhvPxUxUUpkeEYN8Q4vxxVmD2rQXkh9xOQR
BW0Gh/+UVuUUVBiB9mmECETb1lT4n7FUSvRpSKGwE/Nh7ClLMshZHTuxATpKj3ML
aRufmVeuTDi8C1WT7xjbs4t0/+JTPS1LYtVfNtIDDm8MfpB21EjY26mPmvfCCa0n
W1vl7BECuCh2cK4Tn991vUhbUwxzJ9gmAw+9L86yr+0IOtsGiUYExZclAmPx7H3f
RUeqms16w8f4QxR/KWj3iYvpKBfPFrAhycdq/G9linC3kw9Ap8dasAWDj8ph749I
1jOVTh2KE5fOjYCXiE1RlZGN6SHqymYELivCm190X8lTnii/VhKtlqzThyeF7++E
/a0ImMFIHH/0JXnasJeXs8jZCJm2ugl1VbokNVrE7B9+3zKEExp54dTzUsbyoRXP
qz+lAlI9CAuFeha59YlM6CNz98j0YS2x7qdsRzb32QXZWvCX5rbNyKG9TnWsHOfo
BgPDGKEMZdM8JLLLYUq0s+UboWf3vrEc5Go62TfTYexU5eFZ2IwRuwM4HTNFzGGO
XBUv0upGSg8l9HI3Q23oivm5/z9eafV20swjydP1Q3IWBx28/ug=
=IFUf
-----END PGP SIGNATURE-----
Reply to: