Hi, Unbound 1.24.1 is available: https://nlnetlabs.nl/downloads/unbound/unbound-1.24.1.tar.gz sha256 7f2b1633e239409619ae0527f67878b0f33ae0ec0ee5a3a51c042c359ba1eeab pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.24.1.tar.gz.asc
This security release fixes CVE-2025-11411. Promiscuous NS RRSets that complement DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. The CVE is described here https://nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt We would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University for discovering and responsibly disclosing the vulnerability. Bug Fixes: - Fix CVE-2025-11411 (possible domain hijacking attack), reported by Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University. This Unbound release is signed by my PGP key. You can find my public PGP key at https://nlnetlabs.nl/people/. Also on the online key servers like https://keyserver.ubuntu.com/pks/lookup?search=948eb42322c5d00b79340f5dcff3344d9087a490&fingerprint=on&op=index which is additionally signed with Wouter's key as well. Both Wouter's (PGP Key ID: 9F6F 1C2D 7E04 5F8D) and my key (PGP Key ID: CFF3 344D 9087 A490) will be eligible for signing releases from now. Best regards, -- Yorgos
