[CLSA-2026:1779533909] unbound: Fix of 3 CVEs
Type: security
Severity: Critical
Release date: 2026-05-23 10:58:33 UTC
Description:
- CVE-2026-33278: dangling pointer dereference in dns_msg_deepcopy_region() during DS sub-query suspend/resume. The previously backported CVE-2023-50387-CVE-2023-50868.patch brought the vulnerable '*res->rep = *origin->rep;' struct assignment into our 1.16.2 tree. The fix saves the destination rrsets pointer, does a sized memcpy that excludes rrset_ref, and restores the pointer. It also adds a defense-in-depth param_set_same() NSEC3 parameter consistency check, called from all five nsec3_prove_* entry points.
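
The copy pattern described in the CVE-2026-33278 entry, as an added example that is not part of the advisory or of Unbound's code. The struct layout and the names `struct reply`, `reply_new`, `copy_header_unsafe` and `copy_header_safe` are simplified assumptions, used to contrast whole-struct assignment with the save, sized-memcpy, restore sequence.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a reply structure: scalar header
 * fields, a pointer to a separately allocated array, and a trailing
 * reference array. Not Unbound's actual struct layout. */
struct ref { void *key; unsigned id; };
struct reply {
    unsigned flags;
    size_t rrset_count;
    void **rrsets;      /* owned by the object that allocated it */
    struct ref ref[1];  /* trailing array, sized at allocation time */
};

/* Allocate a reply that owns an rrsets array of n slots. */
struct reply *reply_new(size_t n) {
    struct reply *r = calloc(1, sizeof(*r) + (n ? n - 1 : 0) * sizeof(struct ref));
    if (!r) return NULL;
    r->rrsets = calloc(n ? n : 1, sizeof(void *));
    if (!r->rrsets) { free(r); return NULL; }
    r->rrset_count = n;
    return r;
}
void reply_free(struct reply *r) { if (r) { free(r->rrsets); free(r); } }

/* Before: whole-struct assignment. dst->rrsets now aliases src's array, so
 * it dangles once src's storage is released, and dst's own array is lost. */
void copy_header_unsafe(struct reply *dst, const struct reply *src) {
    *dst = *src;
}

/* After: save dst's pointer, copy only the bytes that precede ref[],
 * then restore the pointer so dst keeps the array it owns. */
void copy_header_safe(struct reply *dst, const struct reply *src) {
    void **saved = dst->rrsets;
    memcpy(dst, src, offsetof(struct reply, ref));
    dst->rrsets = saved;
}

int main(void) {
    struct reply *src = reply_new(3), *dst = reply_new(3);
    if (!src || !dst) { reply_free(src); reply_free(dst); return 1; }
    void **own = dst->rrsets;
    copy_header_safe(dst, src);
    int ok = (dst->rrsets == own);  /* dst still points at its own array */
    reply_free(src); reply_free(dst);
    return ok ? 0 : 1;
}
```
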
Updated packages:
  • python3-unbound-1.16.2-3.el9_2.tuxcare.els5.x86_64.rpm
    sha:04b324809cd179f94b00524a9bcd2e85a0269de17031f9d52b4ce75975c722ea
  • unbound-1.16.2-3.el9_2.tuxcare.els5.x86_64.rpm
    sha:1d625a6328c5b20ae80a463e89cae6a7a8e669c939ce3a8fcf5772052fbf6c3f
  • unbound-devel-1.16.2-3.el9_2.tuxcare.els5.i686.rpm
    sha:f5464b8a831280c4b732afece726ae706893796b85676a2868ac19a9002c2d67
  • unbound-devel-1.16.2-3.el9_2.tuxcare.els5.x86_64.rpm
    sha:a2eaad5a97f949d546a7d9047479395de4c64dea83b98997e26699dd5469ebb3
  • unbound-libs-1.16.2-3.el9_2.tuxcare.els5.i686.rpm
    sha:c961012005db668ab41b492da1e97c10e667ae82af86c103474b78033b9ba8b1
  • unbound-libs-1.16.2-3.el9_2.tuxcare.els5.x86_64.rpm
    sha:c3b814d8d73afeecfb2668c17091df06bd3b534164c690fc3950fb4749179953
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.