
11946 matches found

CBLMariner
added 2026/05/23 3:30 p.m. | 8 views

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1

CVE-2026-5947 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.01222
Exploits: 0
CBLMariner
added 2026/05/23 3:30 p.m. | 6 views

CVE-2026-3593 affecting package bind for versions less than 9.20.23-1

CVE-2026-3593 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVSS 9.8 | AI score 5.8 | EPSS 0.01644
Exploits: 0
CBLMariner
added 2026/05/23 3:30 p.m. | 11 views

CVE-2026-5946 affecting package bind for versions less than 9.20.23-1

CVE-2026-5946 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00494
Exploits: 0
CBLMariner
added 2026/05/23 3:30 p.m. | 9 views

CVE-2026-5950 affecting package bind for versions less than 9.20.23-1

CVE-2026-5950 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.00504
Exploits: 1
CBLMariner
added 2026/05/23 3:30 p.m. | 5 views

CVE-2026-3592 affecting package bind for versions less than 9.20.23-1

CVE-2026-3592 affecting package bind for versions less than 9.20.23-1. A patched version of the package is available...

CVSS 5.3 | AI score 5.8 | EPSS 0.00406
Exploits: 0
CBLMariner
added 2026/05/23 3:30 p.m. | 6 views

CVE-2026-3039 affecting package bind for versions less than 9.20.23-1

CVE-2026-3039 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00558
Exploits: 0
HackerOne
added 2026/05/23 12:20 p.m. | 15 views

curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window

Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAP_OPT_REFERRALS to LDAP_OPT_OFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...

AI score 5.7
Exploits: 0
Microsoft CVE
added 2026/05/23 8:1 a.m. | 16 views

Unbounded resend loop in BIND 9 resolver

...

CVSS 5.3 | AI score 5.8 | EPSS 0.00504
Exploits: 1
Microsoft CVE
added 2026/05/23 8:1 a.m. | 13 views

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

...

CVSS 9.8 | AI score 5.8 | EPSS 0.01644
Exploits: 0
Microsoft CVE
added 2026/05/23 8:1 a.m. | 13 views

BIND 9 server memory exhaustion during GSS-API TKEY negotiation

...

CVSS 7.5 | AI score 5.8 | EPSS 0.00558
Exploits: 0
Tenable Nessus
added 2026/05/22 12:0 a.m. | 18 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Bind vulnerabilities (USN-8293-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8293-1 advisory. Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could...

CVSS 9.8 | AI score 6.1 | EPSS 0.01644
Exploits: 1 | References: 7
RedHat Linux
added 2026/05/21 9:26 p.m. | 6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: bind: bind-9.18.49-1.hum1 aarch64, x86_64 bind-chroot-9.18.49-1.hum1 aarch64, x86_64 bind-devel-9.18.49-1.hum1 aarch64, x86_64 bind-dnssec-utils-9.18.49-1.hum1 aarch64, x86_64 bind-doc-9.18.49-1.hum1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00558
Exploits: 1 | References: 6
IBM Security Bulletins
added 2026/05/21 7:39 p.m. | 9 views

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary: Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...

CVSS 9.8 | AI score 7 | EPSS 0.00483
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/05/21 12:37 p.m. | 6 views

CVE-2026-3039

A flaw was found in BIND. A remote attacker can exploit this vulnerability by sending maliciously-constructed packets to BIND servers configured for TKEY-based authentication via GSS-API (Generic Security Service Application Program Interface) tokens. This can lead to excessive memory consumption,...

CVSS 7.5 | AI score 5.7 | EPSS 0.00558
Exploits: 0 | References: 3
RedhatCVE
added 2026/05/21 12:21 p.m. | 8 views

CVE-2026-5947

A flaw was found in BIND. A remote attacker could exploit a race condition during SIG0 signature validation of an incoming DNS message. If the "recursive-clients" limit is reached and the message is discarded, a use-after-free vulnerability may occur. This could lead to undefined behavior and...

CVSS 7.5 | AI score 5.7 | EPSS 0.01222
Exploits: 0 | References: 3
RedhatCVE
added 2026/05/21 12:7 p.m. | 5 views

CVE-2026-3593

A flaw was found in the BIND (Berkeley Internet Name Domain) DNS-over-HTTPS implementation. A remote attacker could send specially crafted HTTP/2 traffic to a DNS-over-HTTPS endpoint, leading to a use-after-free vulnerability. This could trigger memory corruption, potentially allowing the attacker ...

CVSS 9.8 | AI score 5.9 | EPSS 0.01644
Exploits: 0 | References: 3
NVD
added 2026/05/21 8:16 a.m. | 11 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

CVSS 7.5 | EPSS 0.00245
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/21 7:34 a.m. | 6 views

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

CVSS 7.5 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/21 7:34 a.m. | 10 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

CVSS 7.5 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 2 | Affected Software: 1
Slackware Linux
added 2026/05/21 5:16 a.m. | 8 views

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.49-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Fix outgoing zone transfers' quota issue. Limit resolver...

CVSS 7.5 | AI score 5.8 | EPSS 0.01222
Exploits: 1