Fedora 43 : bind / bind-dyndb-ldap (2026-b626e83a45)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b626e83a45 advisory. Update to 9.18.49 rhbz2480121 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...

TencentOS Server 3: bind9.16 (TSSA-2026:0359)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0359 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: bind (TSSA-2026:0362)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0362 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Malicious code in koishi-plugin-yuan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533 koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...

[SECURITY] Fedora 44 Update: bind-dyndb-ldap-11.11-15.fc44

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

Fedora 44 : bind / bind-dyndb-ldap (2026-411248c8d9)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-411248c8d9 advisory. Update to 9.18.49 rhbz2480121 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-5946 affecting package bind for versions less than 9.20.23-1

CVE-2026-5946 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-3039 affecting package bind for versions less than 9.20.23-1

CVE-2026-3039 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-3592 affecting package bind for versions less than 9.20.23-1

CVE-2026-3592 affecting package bind for versions less than 9.20.23-1. A patched version of the package is available...

CVE-2026-3593 affecting package bind for versions less than 9.20.23-1

CVE-2026-3593 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-5950 affecting package bind for versions less than 9.20.23-1

CVE-2026-5950 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window

Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAPOPTREFERRALS to LDAPOPTOFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...

Unbounded resend loop in BIND 9 resolver

...

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

...

BIND 9 server memory exhaustion during GSS-API TKEY negotiation

...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Bind vulnerabilities (USN-8293-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8293-1 advisory. Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: bind: bind-9.18.49-1.hum1 aarch64, x8664 bind-chroot-9.18.49-1.hum1 aarch64, x8664 bind-devel-9.18.49-1.hum1 aarch64, x8664 bind-dnssec-utils-9.18.49-1.hum1 aarch64, x8664 bind-doc-9.18.49-1.hum1...

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...