Unbound 1.24.1 released
Yorgos Thessalonikefs
yorgos at nlnetlabs.nl
Wed Oct 22 10:20:16 UTC 2025
Hi,
Unbound 1.24.1 is available:
https://nlnetlabs.nl/downloads/unbound/unbound-1.24.1.tar.gz
sha256 7f2b1633e239409619ae0527f67878b0f33ae0ec0ee5a3a51c042c359ba1eeab
pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.24.1.tar.gz.asc
This security release fixes CVE-2025-11411.
Promiscuous NS RRSets that complement DNS replies in the authority
section can be used to trick resolvers to update their delegation
information for the zone.
The CVE is described here
https://nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
We would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin
Duan from Tsinghua University for discovering and responsibly disclosing
the vulnerability.
Bug Fixes:
- Fix CVE-2025-11411 (possible domain hijacking attack), reported by
Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua
University.
This Unbound release is signed by my PGP key.
You can find my public PGP key at https://nlnetlabs.nl/people/.
Also on the online key servers like
https://keyserver.ubuntu.com/pks/lookup?search=948eb42322c5d00b79340f5dcff3344d9087a490&fingerprint=on&op=index
which is additionally signed with Wouter's key as well.
Both Wouter's (PGP Key ID: 9F6F 1C2D 7E04 5F8D)
and my key (PGP Key ID: CFF3 344D 9087 A490)
will be eligible for signing releases from now.
Best regards,
-- Yorgos
More information about the Unbound-users
mailing list