Release date:
2026-05-23 11:02:33 UTC
Description:
- CVE-2026-33278: use-after-free in DNSSEC validator dns_msg_deepcopy_region
during NSEC3 sub-query suspend/resume; buggy struct-assignment overwrote
the destination's freshly-allocated rrsets pointer with the source's
pointer, leaving a dangling pointer dereferenced after the source region
was freed (possible remote code execution or crash)
Updated packages:
-
python3-unbound-1.16.2-5.el8.tuxcare.els5.x86_64.rpm
sha:07771e1ea5f4e958eed87fa72c5ea38536d6380b2ff76a93ceae115354715433
-
unbound-1.16.2-5.el8.tuxcare.els5.x86_64.rpm
sha:7e09f4249ee3cf527d5309f5b93042271e6a0c664b355c440926af4f38b2d6d9
-
unbound-devel-1.16.2-5.el8.tuxcare.els5.i686.rpm
sha:ce89b5c3356f574bdfd655eb03a6e5ae020bb638375af0038505441be4c97ef6
-
unbound-devel-1.16.2-5.el8.tuxcare.els5.x86_64.rpm
sha:5ae3fb9538ce57045624e814409ab48b06ad12cff5ef06dc5d4e230cfca52ee0
-
unbound-libs-1.16.2-5.el8.tuxcare.els5.i686.rpm
sha:4228cf875dd6b098ad9d19cff93a52b21e6c1a7913fdc339549f49d65038279d
-
unbound-libs-1.16.2-5.el8.tuxcare.els5.x86_64.rpm
sha:e48c4e5e2de1795b5cddef309e96b25270d2aad989fda6b5cc68aca8dfb3ec87
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
