Red Hat Product Errata RHSA-2026:23231 - Security Advisory Issued: 2026-06-04 Updated: 2026-06-04 RHSA-2026:23231 - Security Advisory Overview Updated Packages Synopsis Important: unbound security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for unbound is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options (CVE-2026-42944) unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in Chase-Reply Messages (CVE-2026-42959) unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution (CVE-2026-33278) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2479774 - CVE-2026-42944 unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options BZ - 2479806 - CVE-2026-42959 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in Chase-Reply Messages BZ - 2479808 - CVE-2026-33278 unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution CVEs CVE-2026-33278 CVE-2026-42944 CVE-2026-42959 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM unbound-1.24.2-7.el10_2.1.src.rpm SHA-256: e34bdec3244d131f765763daa446b67449cecabb823724aac507f4f6a66e4807 x86_64 python3-unbound-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 8f78b8f5a12e79b10a5adbe5e7445786dcbff1013e4f23b1c25c81b496cdac48 python3-unbound-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 7ac7db13619a266a6a3c6957e39a40521d3055b95f9b8633ec391bf26685ba85 unbound-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: e3233c988fc4e81ab2010de8608a054617a9389a8229de3668d55bc252b759dc unbound-anchor-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: c47fe3873f3a84e1a49b5f82d4e2ba4b46c0248a33f78f13973877dab5685647 unbound-anchor-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 17993f8a7e3dccd660bc873d8b63488384f8e8e11e2c392c620ab6cd35819cad unbound-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 35f97768ec9e89752e7fe1bae826dc37ca8faa0713fef75c9c43db9f3aadc674 unbound-debugsource-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: c71fd02b10883372926e9e5c0ab9ddf4ce04bb549e9a05f81651424ff2e0f3b1 unbound-dracut-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: cdb11930a304270f2d6f6c56cb5e0d7ca0bf0e16841747f375fd2957bf6f708d unbound-libs-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 64bf1678898db735e88ee280d1c80a9bcf94e891c0eb981ed07dfe2b61121917 unbound-libs-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: a58afff59bc835b07b2dc5d13e5142cf14dc12ec376e9642726b9e296ff04a22 unbound-utils-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: dd5796f123b327a04d388c90527aab584c403c6be2f6d799db6bfd4ac44ac783 unbound-utils-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 073eb9665e49eb61e53cd0bfb1b3f8155363865b6a4a65b5d5d8ff55b34ffb2a Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM unbound-1.24.2-7.el10_2.1.src.rpm SHA-256: e34bdec3244d131f765763daa446b67449cecabb823724aac507f4f6a66e4807 x86_64 python3-unbound-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 8f78b8f5a12e79b10a5adbe5e7445786dcbff1013e4f23b1c25c81b496cdac48 python3-unbound-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 7ac7db13619a266a6a3c6957e39a40521d3055b95f9b8633ec391bf26685ba85 unbound-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: e3233c988fc4e81ab2010de8608a054617a9389a8229de3668d55bc252b759dc unbound-anchor-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: c47fe3873f3a84e1a49b5f82d4e2ba4b46c0248a33f78f13973877dab5685647 unbound-anchor-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 17993f8a7e3dccd660bc873d8b63488384f8e8e11e2c392c620ab6cd35819cad unbound-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 35f97768ec9e89752e7fe1bae826dc37ca8faa0713fef75c9c43db9f3aadc674 unbound-debugsource-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: c71fd02b10883372926e9e5c0ab9ddf4ce04bb549e9a05f81651424ff2e0f3b1 unbound-dracut-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: cdb11930a304270f2d6f6c56cb5e0d7ca0bf0e16841747f375fd2957bf6f708d unbound-libs-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 64bf1678898db735e88ee280d1c80a9bcf94e891c0eb981ed07dfe2b61121917 unbound-libs-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: a58afff59bc835b07b2dc5d13e5142cf14dc12ec376e9642726b9e296ff04a22 unbound-utils-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: dd5796f123b327a04d388c90527aab584c403c6be2f6d799db6bfd4ac44ac783 unbound-utils-debuginfo-1.24.2-7.el10_2.1.x86_64.rpm SHA-256: 073eb9665e49eb61e53cd0bfb1b3f8155363865b6a4a65b5d5d8ff55b34ffb2a Red Hat Enterprise Linux for IBM z Systems 10 SRPM unbound-1.24.2-7.el10_2.1.src.rpm SHA-256: e34bdec3244d131f765763daa446b67449cecabb823724aac507f4f6a66e4807 s390x python3-unbound-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 8949a165e4563e396e3a24ad8f17beb281ddd0379589b311b78a75a72523b7b5 python3-unbound-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 49d327ff3f4d4eb20fdf7a5d9d541678fe1e42b4cf83a364b696ed608e81c814 unbound-1.24.2-7.el10_2.1.s390x.rpm SHA-256: a715b65a89edbabbc5d09d6a1629a753ade3b87eac611bc8b3fe5be74a812d08 unbound-anchor-1.24.2-7.el10_2.1.s390x.rpm SHA-256: b848898a58d5752cbcc7ed448381e8137f8029de48ed8dc433e956d045952913 unbound-anchor-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 2d1d0a4b0bbdd16530718616a9aab124722d35d2c8cc6089b2a715fc2c3be86b unbound-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 2cc32085f3a5d7487229d62f56435a96dfd7b5548bfa573ebe441f10a47b70a9 unbound-debugsource-1.24.2-7.el10_2.1.s390x.rpm SHA-256: a66b206f4cafc832f56214ae9b988ef816373d1676e69da1fae6b9686ca61c46 unbound-dracut-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 8917fc215cfe356c9deac375361f5a4ca3e517f8c3c4f77f1eae220a953052ec unbound-libs-1.24.2-7.el10_2.1.s390x.rpm SHA-256: de941d4519fe6cb8e95e9df244ebc2de6ef146160bd1ac7dac937c6c8e160dad unbound-libs-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: b99625c48dba7afdea77ba466a9adcc71783d24357c2676eea4d48972f59b323 unbound-utils-1.24.2-7.el10_2.1.s390x.rpm SHA-256: dd81769c0aaa5f193ad423ba0a0d1592db01185173d5f71396c559ba78d99f0d unbound-utils-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 4df6e54592205c048958c41c140eea2eb0d078db6141b890d733eb9ee6875db7 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM unbound-1.24.2-7.el10_2.1.src.rpm SHA-256: e34bdec3244d131f765763daa446b67449cecabb823724aac507f4f6a66e4807 s390x python3-unbound-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 8949a165e4563e396e3a24ad8f17beb281ddd0379589b311b78a75a72523b7b5 python3-unbound-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 49d327ff3f4d4eb20fdf7a5d9d541678fe1e42b4cf83a364b696ed608e81c814 unbound-1.24.2-7.el10_2.1.s390x.rpm SHA-256: a715b65a89edbabbc5d09d6a1629a753ade3b87eac611bc8b3fe5be74a812d08 unbound-anchor-1.24.2-7.el10_2.1.s390x.rpm SHA-256: b848898a58d5752cbcc7ed448381e8137f8029de48ed8dc433e956d045952913 unbound-anchor-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 2d1d0a4b0bbdd16530718616a9aab124722d35d2c8cc6089b2a715fc2c3be86b unbound-debuginfo-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 2cc32085f3a5d7487229d62f56435a96dfd7b5548bfa573ebe441f10a47b70a9 unbound-debugsource-1.24.2-7.el10_2.1.s390x.rpm SHA-256: a66b206f4cafc832f56214ae9b988ef816373d1676e69da1fae6b9686ca61c46 unbound-dracut-1.24.2-7.el10_2.1.s390x.rpm SHA-256: 8917fc215cfe356c9deac375361f5a4ca3e517f8c3c4f77f1eae220a953052ec unbound-libs-1.24.2-7.el10_2.1.s390x.rpm SHA-256: de941d4519fe6cb8e