Advisories » MGASA-2025-0273

Updated unbound packages fix security vulnerability

Publication date: 12 Nov 2025
Modification date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11411

Description

Several multi-vendor cache poisoning vulnerabilities have been
discovered in caching resolvers for non-DNSSEC protected data.
Unbound is vulnerable for some of these cases that could lead to
domain hijacking (CVE-2025-11411).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34700
• https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11411

SRPMS

9/core

• unbound-1.24.1-1.mga9