| Package | unbound1.9 |
|---|---|
| Version | 1.9.0-2+deb10u2~deb9u8 (stretch) |
| Related CVEs | CVE-2025-11411 |
Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan discovered that the initial fix for CVE-2025-11411 as applied in ELA 1568-1 did not fully fix the vulnerability. Updated packages correcting this issue are now available.
Additionally, this update includes a fix for potential amplification
DDoS attacks due to improperly following cleared RD flags.
For Debian 9 stretch, these problems have been fixed in version 1.9.0-2+deb10u2~deb9u8.
We recommend that you upgrade your unbound1.9 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.