SUSE-SU-2026:1351-1 Security update for bind

This update for bind fixes the following issues: Security issues: - CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service bsc1260805. - CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS bsc1260567. - CVE-2026-3119:...

ISC BIND 9.20.0 < 9.20.11 / 9.20.9-S1 < 9.20.11-S1 / 9.21.0 < 9.21.10 Assertion Failure (cve-2025-40777)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40777 advisory. - If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer- client-timeout set to 0 the...

EUVD-2025-21736

Malicious code in bioql PyPI...

Important: bind

Issue Overview: If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of...

Linux Distros Unpatched Vulnerability : CVE-2025-40777

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer- client-timeout set to 0 the only allowable value other than...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-1105)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1105 advisory. If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer- client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process o...

AZL-65553 CVE-2025-40777 affecting package bind for versions less than 9.20.15-1

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

DEBIAN-CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

UBUNTU-CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

Fedora 26 : knot-resolver (2017-45ebf1e164)

new upstream release - security fix + security: Knot Resolver 1.2.0 and higher could return AD flag for insecure answer if the daemon received answer with invalid RRSIG several times in a row. + fix: layer/iterate: some improvements in cname chain unrolling + fix: layer/validate: fix duplicate...

squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service daemon abort via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record...