Todo #16503

closed

Update Unbound to 1.24.2 to address CVE-2025-11411

Added by Silmor Senedlen about 1 month ago. Updated 7 days ago.

Status: Resolved
Priority: Normal
Category: DNS Resolver
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 25.11
Release Notes: Default

Description

Good day
Since the current version (1.23.0 in pfSense CE 2.8.1), there have already been 2 security releases and 1 major release.

CVE-2025-11411 - Medium Severity:
https://nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt

There is also a fix (in 1.23.1) for CVE-2025-5994, but as far as I can see, Unbound is compiled without ECS support (--enable-subnet), so it is not vulnerable.
CVE-2025-5994 - High Severity:
https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt

Actions #1

Updated by Christian McDonald about 1 month ago

  • Status changed from New to In Progress
  • Assignee set to Christian McDonald

I have committed the patch to upstream FreeBSD-ports. Once we finish a ports merge with upstream we will pick this back to our latest stable branches of both CE and Plus.

Once that is complete, new installations of CE and Plus will get Unbound 1.24.1. However, existing installs will need to manually upgrade via pkg upgrade unbound

re: https://cgit.freebsd.org/ports/commit/?id=b8274415ecc9b67094dba3b4dc7ec64fccb359e7

Actions #2

Updated by Kris Phillips about 1 month ago

Checked public repos on 25.07.1 and internal repos for 25.11 and 26.03.

All three versions are now showing Unbound 1.24.1 in their repos.

Actions #3

Updated by Christian McDonald 7 days ago

  • Subject changed from Update Unbound to 1.24.1 to address CVE-2025-11411 to Update Unbound to 1.24.2 to address CVE-2025-11411
  • Target version set to 2.9.0
  • Plus Target Version set to 25.11

Actions #4

Updated by Christian McDonald 7 days ago

  • Status changed from In Progress to Resolved

We are now building 1.24.2.
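
The two checks discussed in this ticket (whether the installed Unbound has reached the target version, and whether it was built with ECS support), as an added example that is not part of the ticket or of pfSense: it parses `unbound -V` output. The function names, the `TARGET` value taken from the ticket subject, and the embedded sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Unbound build from `unbound -V` text.
TARGET="1.24.2"   # target version taken from this ticket's subject

# Constructed sample, not captured from a real pfSense install.
SAMPLE_V='Version 1.23.0

Configure line: --with-libexpat=/usr/local --with-ssl=/usr --enable-dnscrypt
Linked libs: libevent 2.1.12-stable, OpenSSL 3.0.16
Linked modules: dns64 respip validator iterator'

unbound_version() {   # stdin: `unbound -V` text; prints the version number
    awk '$1 == "Version" { print $2; exit }'
}

version_ge() {        # true when dotted version $1 >= $2
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

ecs_compiled_in() {   # true when the ECS (subnetcache) module is built in
    grep -Eq -e '--enable-subnet|^Linked modules:.* subnetcache( |$)'
}

assess_unbound() {    # $1 = `unbound -V` text, $2 = minimum wanted version
    ver=$(printf '%s\n' "$1" | unbound_version)
    [ -n "$ver" ] || { echo "unknown"; return 1; }
    if version_ge "$ver" "$2"; then state="version-ok"; else state="needs-upgrade"; fi
    if printf '%s\n' "$1" | ecs_compiled_in; then ecs="ecs-enabled"; else ecs="ecs-absent"; fi
    printf '%s %s %s\n' "$ver" "$state" "$ecs"
}

# Use the live binary when present, otherwise the constructed sample.
if command -v unbound >/dev/null 2>&1; then
    assess_unbound "$(unbound -V 2>&1)" "$TARGET" ||
        echo "could not parse unbound -V output" >&2
else
    assess_unbound "$SAMPLE_V" "$TARGET"
fi
```

A result of `needs-upgrade` on an existing install corresponds to the manual `pkg upgrade unbound` step mentioned in the ticket.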
