{"id":"CLSA-2026-1779533909","summary":"unbound: Fix of 3 CVEs","details":"- CVE-2026-33278: dangling pointer dereference in dns_msg_deepcopy_region()\n  during DS sub-query suspend/resume; the previously-backported\n  CVE-2023-50387-CVE-2023-50868.patch dragged the vulnerable\n  '*res-\u003erep = *origin-\u003erep;' struct-assignment into our 1.16.2 tree.\n  Save the destination rrsets pointer, sized-memcpy with rrset_ref\n  excluded, restore the pointer. Adds defense-in-depth\n  param_set_same() NSEC3 parameter consistency check called from all\n  five nsec3_prove_* entry points.","modified":"2026-06-01T00:32:34.799323795Z","published":"2026-05-23T10:58:33Z","upstream":["CVE-2026-33278","CVE-2023-50387","CVE-2023-50868"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2026-1779533909.html"}],"affected":[{"package":{"name":"python3-unbound","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/python3-unbound?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.2-3.el9_2.tuxcare.els5"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"}},{"package":{"name":"unbound","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/unbound?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.2-3.el9_2.tuxcare.els5"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"}},{"package":{"name":"unbound-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/unbound-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.2-3.el9_2.tuxcare.els5"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"}},{"package":{"name":"unbound-libs","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/unbound-libs?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.2-3.el9_2.tuxcare.els5"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"}}],"schema_version":"1.7.5"}