Date: Mon, 08 Jun 2026 18:33:21 +0000 From: R. Christian McDonald <rcm@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 46134cbeded2 - main - security/vuxml: Document multiple Unbound vulnerabilities Message-ID: <6a270af1.384db.4955cf33@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by rcm: URL: https://cgit.FreeBSD.org/ports/commit/?id=46134cbeded247b3d0e2077c58257215fe426c27 commit 46134cbeded247b3d0e2077c58257215fe426c27 Author: R. Christian McDonald <rcm@FreeBSD.org> AuthorDate: 2026-06-08 18:28:53 +0000 Commit: R. Christian McDonald <rcm@FreeBSD.org> CommitDate: 2026-06-08 18:33:18 +0000 security/vuxml: Document multiple Unbound vulnerabilities * CVE-2026-32792 * CVE-2026-33278 * CVE-2026-40622 * CVE-2026-41292 * CVE-2026-42534 * CVE-2026-42923 * CVE-2026-42944 * CVE-2026-42959 * CVE-2026-42960 * CVE-2026-44390 * CVE-2026-44608 References: https://www.nlnetlabs.nl/projects/unbound/security-advisories/ PR: 295442 Sponsored by: Rubicon Communications, LLC ("Netgate") --- security/vuxml/vuln/2026.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index a36d0f8ad807..64b2412d3093 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,61 @@ + <vuln vid="72e5b334-6365-11f1-8c57-000af7b98cf6"> + <topic>Unbound -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>unbound</name> + <range><lt>1.25.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>NLnet Labs reports:</p> + <blockquote cite="https://www.nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/">; + <p>This release consolidates security fixes for issues reported + over a period of time. There are fixes for:</p> + <ul> + <li>CVE-2026-33278: Possible remote code execution during + DNSSEC validation.</li> + <li>CVE-2026-42944: Heap overflow and crash with multiple + nsid, cookie, padding EDNS options.</li> + <li>CVE-2026-42959: Crash during DNSSEC validation of + malicious content.</li> + <li>CVE-2026-32792: Packet of death with DNSCrypt.</li> + <li>CVE-2026-40622: "Ghost domain name" variant.</li> + <li>CVE-2026-41292: Parsing a long list of incoming EDNS + options degrades performance.</li> + <li>CVE-2026-42534: Jostle logic bypass degrades resolution + performance.</li> + <li>CVE-2026-42923: Degradation of service with unbounded + NSEC3 hash calculations.</li> + <li>CVE-2026-42960: Possible cache poisoning attack while + following delegation.</li> + <li>CVE-2026-44390: Unbounded name compression in certain + cases causes degradation of service.</li> + <li>CVE-2026-44608: Use after free and crash in RPZ code.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-32792</cvename> + <cvename>CVE-2026-33278</cvename> + <cvename>CVE-2026-40622</cvename> + <cvename>CVE-2026-41292</cvename> + <cvename>CVE-2026-42534</cvename> + <cvename>CVE-2026-42923</cvename> + <cvename>CVE-2026-42944</cvename> + <cvename>CVE-2026-42959</cvename> + <cvename>CVE-2026-42960</cvename> + <cvename>CVE-2026-44390</cvename> + <cvename>CVE-2026-44608</cvename> + <url>https://www.nlnetlabs.nl/projects/unbound/security-advisories/</url>; + </references> + <dates> + <discovery>2026-05-20</discovery> + <entry>2026-06-08</entry> + </dates> + </vuln> + <vuln vid="a207a367-6359-11f1-8c57-000af7b98cf6"> <topic>strongSwan -- Double-free when destroying certain cloned identities that can lead to remote code execution</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a270af1.384db.4955cf33>