Home / mailings [SECURITY] [DSA 6304-1] unbound security update
Posted on 27 May 2026
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-6304-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : unbound
CVE ID : CVE-2026-33278 CVE-2026-42944 CVE-2026-42959
CVE-2026-32792 CVE-2026-40622 CVE-2026-41292
CVE-2026-42534 CVE-2026-42923 CVE-2026-42960
CVE-2026-44390 CVE-2026-44608
Multiple security vulnerabilities were discovered in Unbound, a
validating, recursive, caching DNS resolver, which could result
in denial of service, cache poisoning or potentially the execution
of arbitrary code.
For the stable distribution (trixie), this problem has been fixed in
version 1.22.0-2+deb13u3.
We recommend that you upgrade your unbound packages.
For the detailed security status of unbound please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
