ROOT-OS-DEBIAN-11-CVE-2026-3039 CVE-2026-3039 in rootio-bind9 - Patched by Root

Root has patched CVE-2026-3039 in the rootio-bind9 package for Root:Debian:11. Multiple fixed versions available...

RockyLinux 9 : bind9.18 (RLSA-2026:24368)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24368 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

AlmaLinux 9 : bind (ALSA-2026:24367)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24367 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

AlmaLinux 8 : bind (ALSA-2026:24339)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24339 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

RHEL 10 : bind (RHSA-2026:24338)

"The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24338 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

RHEL 9 : bind9.18 (RHSA-2026:24368)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24368 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...

ALSA-2026:24338 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

RHEL 8 : bind9.16 (RHSA-2026:23360)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23360 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

Oracle Linux 8 : bind9.16 (ELSA-2026-23360)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-23360 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

bind9.16 security update

32:9.16.23-0.22.6 - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946...

CLSA-2026-1780054583 Fix CVE(s): CVE-2026-3039

SECURITY UPDATE: GSS-API resource leak triggered by multi-round TKEY - debian/patches/CVE-2026-3039.patch: reject GSSSCONTINUENEEDED in dstgssapiacceptctx and release the partial security context and gouttoken so they don't accumulate per malicious TKEY query. - CVE-2026-3039...

CLSA-2026-1780054328 Fix CVE(s): CVE-2026-3039

SECURITY UPDATE: GSS-API resource leak triggered by multi-round TKEY - debian/patches/CVE-2026-3039.patch: reject GSSSCONTINUENEEDED in dstgssapiacceptctx and release the partial security context and gouttoken so they don't accumulate per malicious TKEY query. - CVE-2026-3039...

Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2026-141-01)

The version of bind installed on the remote host is prior to 9.18.49 / 9.20.23. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-141-01 advisory. New bind packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

[SECURITY] [DSA 6285-1] bind9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6285-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 20, 2026 https://www.debian.org/security/faq -...

DEBIAN-CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

Linux Distros Unpatched Vulnerability : CVE-2026-3039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processin...

ISC BIND 9.0.0 < 9.18.49 / 9.9.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-3039)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3039 advisory. - BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory...

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

UBUNTU-CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...