unbound-1.16.2-5.9.el8_10

エラータID: AXSA:2025-10630:04

Release date: 
Tuesday, July 29, 2025 - 17:05
Subject: 
unbound-1.16.2-5.9.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Security Fix(es):

* unbound: Unbound Cache poisoning (CVE-2025-5994)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-5994
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.

Solution: 

Update packages.

CVEs: 
CVE-2025-5994
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. unbound-1.16.2-5.9.el8_10.src.rpm
    MD5: b255f241d5fe3bb80f55db08b63a80cd
    SHA-256: 1d4591aa0e2b6320639c48cb38931ab4f5de3c445a713a9a19b266659c70d789
    Size: 6.02 MB

Asianux Server 8 for x86_64
  1. python3-unbound-1.16.2-5.9.el8_10.x86_64.rpm
    MD5: 56d3d402fd94d1042b9ad9cbeb2c0fd8
    SHA-256: 77378f0d251b361e533a997349a8f0b82915e6d4ca00312b252f401854f9270b
    Size: 129.25 kB
  2. unbound-1.16.2-5.9.el8_10.x86_64.rpm
    MD5: b83aa4efd4faa247efe4ef87e9b2e716
    SHA-256: 1a4b5d01df651c5d4baf2681e9436965fb30721298074007971225bc8f30b15e
    Size: 1.00 MB
  3. unbound-devel-1.16.2-5.9.el8_10.i686.rpm
    MD5: c6249388a6f2f3e65caadc3cdf40b882
    SHA-256: 6b9ecf13f3a8e56209303b852fe48a83303faeb091ff83bf9e59f8e90b316773
    Size: 56.66 kB
  4. unbound-devel-1.16.2-5.9.el8_10.x86_64.rpm
    MD5: 6bf47475cd89dc700c0c2203bf2a009e
    SHA-256: 7b07e50f4b910aa9cffc362bef279e681bf700c3588993746f146fe8f40b4af9
    Size: 56.64 kB
  5. unbound-libs-1.16.2-5.9.el8_10.i686.rpm
    MD5: 6a09c5b5bac718204a1127578aeb4e71
    SHA-256: 030a9dec6b16c05189755b6ae9db96cd54bd526eda4c1c4001b9bfb185e3cbbd
    Size: 617.38 kB
  6. unbound-libs-1.16.2-5.9.el8_10.x86_64.rpm
    MD5: c8c0491e14957e46633f1a2aabe93059
    SHA-256: bad93bec6dbc6811515ff458a6480a1443e774bd483eb2b210ed633ce0fb7257
    Size: 576.81 kB