Astra Linux - vulnerability in unbound, bind9
The “Closest Encloser Proof” aspect of the DNS protocol as described in RFC 5155, when the guidance provided in RFC 9276 is skipped, enables remote attackers to cause a denial of service resulting in high CPU usage for SHA-1 calculations through DNSSEC responses during a random subdomain attack,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: reset: gpio: Suppressing the bind attributes in sysfs. This is a special device that is created dynamically and is supposed to remain in memory forever. Currently, there is no devlink between this device and the actual reset...
Astra Linux - vulnerability in bind9
In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of the BIND Supported Preview Edition, as well as release version 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploiting broken authoritative servers using a flaw in response...
Astra Linux - vulnerability in linux
The net/nfc/llcp_sock.c file in the Linux kernel before version 5.12.10 allowed local unprivileged users to cause a denial of service by making a getsockname call after a certain type of failure in a bind call. This vulnerability results in NULL pointer dereferencing and other bugs...
Astra Linux - vulnerability in bind9
BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0. BIND supports the following preview editions: 9.11.4-S1 - 9.11.36-S1, 9.16.8-S1 - 9.16.26-S1. Versions of BIND 9 that are earlier than those shown—going back to 9.1.0, including the supported preview editions—are also believed to be affected, b...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed an object leak in the VMBIND error path. If we fail to perform a handle-lookup halfway through, we need to discard the already obtained object references. Patchwork: https://patchwork.freedesktop.org/patch/66978...
PT-2026-42207
Summary: The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On...
CVE-2026-5950
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...
ISC BIND 9.11.0 < 9.18.49 / 9.11.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Assertion Failure (cve-2026-5946)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5946 advisory. - Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet (IN) for...
CVE-2026-3039
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...
UBUNTU-CVE-2026-3593
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...
UBUNTU-CVE-2026-3039
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...
ISC BIND 9 race condition vulnerability
ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a race condition vulnerability, which stems from race conditions that lead to reusing resources after release, potentially causing undefined behaviors. The following versions are affected: 9.20.0 to...
ISC BIND 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-5947)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5947 advisory. - Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming D...
Linux Distros Unpatched Vulnerability : CVE-2026-43422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncm_bind Commit 56a512a9b410 usb: gadget: f_ncm: align netdevice...
Linux Distros Unpatched Vulnerability : CVE-2026-5947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begin...
ISC BIND 9.11.0 < 9.18.49 / 9.11.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-3592)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3592 advisory. - BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to...
ISC BIND 9.18.36 < 9.18.49 / 9.18.36-S1 < 9.18.49-S1 / 9.20.8 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.7 < 9.21.22 Vulnerability (cve-2026-5950)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5950 advisory. - An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a...
Linux Distros Unpatched Vulnerability : CVE-2026-5950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cau...
ISC BIND 9 input validation error vulnerability
ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a vulnerability related to input validation errors. This vulnerability stems from defects in handling non-Internet-related DNS messages, which may lead to assertion failures. The following versions are...