bind9.16 security update

An update is available for bind9.16. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain BIND is an implementation of the Domain Na...

RockyLinux 8 : bind9.16 (RLSA-2026:23360)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:23360 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

RHEL 8 : bind9.16 (RHSA-2026:23360)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23360 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

RHSA-2026:23360 Red Hat Security Advisory: bind9.16 security update

Bulletin has no description...

Oracle Linux 8 : bind9.16 (ELSA-2026-23360)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-23360 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

AlmaLinux 8 : bind9.16 (ALSA-2026:23360)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:23360 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

bind9.16 security update

32:9.16.23-0.22.6 - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946...

Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

MGASA-2026-0163 Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

bind-9.20.23-1.1 on GA media (moderate)

bind-9.20.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:10874-1 Rating: moderate Cross-References: CVE-2026-3039 CVE-2026-3592 CVE-2026-5946 CVE-2026-5947 CVE-2026-5950 CVSS scores: CVE-2026-3039 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-3592 SUSE : 5.3...

CVE-2026-5950

A flaw was found in BIND 9. A remote, unauthenticated attacker can exploit an unbounded resend loop vulnerability in the resolver state machine during bad-server handling. By sending specially crafted queries that trigger specific retry conditions, the attacker can cause severe resource exhaustio...

TencentOS Server 3: bind9.16 (TSSA-2026:0359)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0359 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Unbounded resend loop in BIND 9 resolver

...

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

...

BIND 9 server memory exhaustion during GSS-API TKEY negotiation

...

[SECURITY] [DSA 6285-1] bind9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6285-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 20, 2026 https://www.debian.org/security/faq -...

CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

ALPINE-CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

ALPINE-CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...