RLSA-2026:24339 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

RHEL 9 : bind (RHSA-2026:24367)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24367 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

AlmaLinux 10 : bind (ALSA-2026:24338)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24338 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

Important: bind

Issue Overview: Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message, causing denial of service. Both authoritative servers and resolvers are affected. CVE-2026-5946 Affected Packages: bind Note: This...

Amazon Linux 2 : bind, --advisory ALAS2-2026-3321 (ALAS-2026-3321)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3321 advisory. Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a...

RockyLinux 8 : bind9.16 (RLSA-2026:23360)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:23360 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

Oracle Linux 8 : bind9.16 (ELSA-2026-23360)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-23360 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

bind9.16 security update

32:9.16.23-0.22.6 - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946...

Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVE-2026-45964

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

CVE-2026-45964

SUNRPC: fix gssauth kref leak in gssallocmsg error path...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...

USN-8293-1 bind9 vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

USN-8293-1: Bind vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

BIT-POSTGRESQL-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6691

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

CVE-2026-40355

MIT Kerberos 5 (krb5) before 1.22.3 is affected by a NULL pointer dereference in gss_accept_sec_context when a NegoEx mechanism is registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message (denial of service). Affected...