ALSA-2026:18786 Important: bind security update

🗓️ 19 May 2026 00:00:00Reported by GoogleType

osv

osv🔗 osv.dev👁 3 Views

BIND security update fixes resource exhaustion from malformed DNSKEY handling (CVE-2025-8677).

Reporter	Title	Published	Views	Family All 169
IBM Security Bulletins	Security Bulletin: Vulnerability in BIND affects IBM Netezza Appliance	16 Dec 202510:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)	18 Feb 202615:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i is affected by BIND accepting records with untrusted data, predictable port and query ID, and resource exhaustions in Domain Name System due to multiple vulnerabilities.	6 Nov 202514:45	–	ibm
Tenable Nessus	Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-1255)	7 Nov 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : bind, --advisory ALAS2-2025-3054 (ALAS-2025-3054)	5 Nov 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0171: bind (ALINUX3-SA-2025:0171)	17 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : bind (ALSA-2025:19912)	10 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : bind9.18 (ALSA-2025:19950)	19 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : bind (ALSA-2025:21034)	25 Nov 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : bind9.18 (ALSA-2025:21111)	3 Dec 202500:00	–	nessus

Source	Link
access	www.access.redhat.com/errata/RHSA-2026:18786
access	www.access.redhat.com/security/cve/CVE-2025-8677
bugzilla	www.bugzilla.redhat.com/2405830
errata	www.errata.almalinux.org/9/ALSA-2026-18786.html

26 May 2026 16:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.5

EPSS0.00071

SSVC

Domain Name System Security fix Resource exhaustion DNSKEY handling CVE 2025-8677