Todo #16503

open

Update Unbound to 1.24.1 to address CVE-2025-11411

Added by Silmor Senedlen 21 days ago. Updated 18 days ago.

Status: In Progress
Priority: Normal
Category: DNS Resolver
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

Good day,
Since the current version (1.23.0 in pfSense CE 2.8.1), there have already been 2 security releases and 1 major release.

CVE-2025-11411 - Medium Severity:
https://nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt

There is also a fix (in 1.23.1) for CVE-2025-5994, but as far as I can see, Unbound is compiled without ECS support (--enable-subnet), so it is not vulnerable.
CVE-2025-5994 - High Severity:
https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt

Actions #1

Updated by Christian McDonald 20 days ago

  • Status changed from New to In Progress
  • Assignee set to Christian McDonald

I have committed the patch to upstream FreeBSD-ports. Once we finish a ports merge with upstream we will pick this back to our latest stable branches of both CE and Plus.

Once that is complete, new installations of CE and Plus will get Unbound 1.24.1. However, existing installs will need to manually upgrade via pkg upgrade unbound

re: https://cgit.freebsd.org/ports/commit/?id=b8274415ecc9b67094dba3b4dc7ec64fccb359e7

Actions #2

Updated by Kris Phillips 18 days ago

Checked public repos on 25.07.1 and internal repos for 25.11 and 26.03.

All three versions are now showing Unbound 1.24.1 in their repos.
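
Added example, not part of the ticket or of pfSense: a POSIX sh check that reads `unbound -V` text and reports the version, whether the build was configured with --enable-subnet, and whether it predates the fix versions named in this ticket (1.24.1 for CVE-2025-11411, 1.23.1 for CVE-2025-5994). The function names and the sample outputs are constructed for illustration; the ECS condition follows the reasoning in the description above.

```shell
#!/bin/sh
# Fix versions are taken from this ticket; the lower bound of each affected
# range is not checked, only "older than the fix release".

# ver_num "1.23.0" -> 1023000 (missing fields count as 0)
ver_num() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# check_unbound TEXT: TEXT is the output of `unbound -V`.
check_unbound() {
    info=$1
    ver=$(printf '%s\n' "$info" |
          sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "version=unknown"
        return 1
    fi
    n=$(ver_num "$ver")

    # ECS (subnetcache) is only built in when configured with --enable-subnet.
    ecs=no
    case $info in *--enable-subnet*) ecs=yes ;; esac

    s11411=ok
    if [ "$n" -lt "$(ver_num 1.24.1)" ]; then s11411=update; fi

    # Per the ticket, CVE-2025-5994 matters only for ECS-enabled builds.
    s5994=ok
    if [ "$ecs" = yes ] && [ "$n" -lt "$(ver_num 1.23.1)" ]; then
        s5994=update
    fi
    echo "version=$ver ecs=$ecs CVE-2025-11411=$s11411 CVE-2025-5994=$s5994"
}

# Constructed samples (not real pfSense build output).
SAMPLE_OLD='Version 1.23.0
Configure line: --with-libexpat=/usr/local --disable-dnstap'
SAMPLE_ECS='Version 1.23.0
Configure line: --with-libexpat=/usr/local --enable-subnet'
SAMPLE_NEW='Version 1.24.1
Configure line: --with-libexpat=/usr/local --disable-dnstap'

for s in "$SAMPLE_OLD" "$SAMPLE_ECS" "$SAMPLE_NEW"; do check_unbound "$s"; done
# On a live system: check_unbound "$(unbound -V)"
```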
