196 matches found
[SECURITY] [DLA 4529-1] bind9 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4529-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès April 13, 2026 https://wiki.debian.org/LTS -...
Important: bind9.18 security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
Study of Post Quantum Status of Widely Used Protocols
The advent of quantum computing poses significant threats to classical public-key cryptographic primitives such as RSA and elliptic-curve cryptography. As many critical network and security protocols depend on these primitives for key exchange and authentication, there is an urgent need to...
Memory leak in code preparing DNSSEC proofs of non-existence
...
SUSE CVE-2026-1519
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...
CVE-2026-1519
A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users. Mitigation To mitigate...
MiracleLinux 8 : dnsmasq-2.79-31.el8_9.2 (AXSA:2024-7620:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7620:02 advisory. dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can...
MiracleLinux 8 : dnsmasq-2.79-13.el8.1 (AXSA:2021-1363:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1363:03 advisory. dnsmasq: heap-based buffer overflow in sortrrset when DNSSEC is enabled CVE-2020-25681 dnsmasq: buffer overflow in extractname due to missing length...
MiracleLinux 3 : bind-9.3.6-4.P1.2.1.AXS3 (AXSA:2010-77:01)
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-77:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves hos...
MiracleLinux 3 : bind-9.3.6-4.P1.1.1AXS3 (AXSA:2009-425:4)
"The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-425:4 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names t...
[SECURITY] Fedora 43 Update: unbound-1.24.2-1.fc43
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
Security update for bind
This update for bind fixes the following issues: CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380. Patch...
Security update for bind
This update for bind fixes the following issues: Upgrade to release 9.20.15: CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number...
OESA-2025-2609 bind security update
Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: Certain...
Siemens SIMATIC Devices Channel Accessible by Non-Endpoint (CVE-2023-7008)
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. This plugin only works with Tenable.ot. Please visit...
DNSSEC validation may accept broken authentication chains
...
Linux Distros Unpatched Vulnerability : CVE-2020-25687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the...
CLSA-2025-1756230743 unbound: Fix of CVE-2023-50868
CVE-2023-50868: avoid availabiluty of the remote attackers to cause a denial of service using DNSSEC...
Linux Distros Unpatched Vulnerability : CVE-2024-7883
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secu...
Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
...