Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2026-45964

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

CVE-2026-45964

SUNRPC: fix gssauth kref leak in gssallocmsg error path...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...

USN-8293-1 bind9 vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

USN-8293-1: Bind vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

BIT-POSTGRESQL-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6691

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

CVE-2026-40355

MIT Kerberos 5 (krb5) before 1.22.3 is affected by a NULL pointer dereference in gss_accept_sec_context when a NegoEx mechanism is registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message (denial of service). Affected...

JLSEC-2026-48

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CLSA-2026-1774366569 Fix CVE(s): CVE-2026-3497

SECURITY UPDATE: pre-auth crash via GSSAPI key exchange - debian/patches/CVE-2026-3497.patch: replace sshpktdisconnect with sshpacketdisconnect and initialize gssbufferdesc variables in kexgssc.c, kexgsss.c. - CVE-2026-3497...

SUSE CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

EUVD-2005-1127

Malware in sbrugna...

EUVD-2010-0659

Malware in sbrugna...

EUVD-2010-1350

Malware in sbrugna...

EUVD-2022-34729

Malicious code in bioql PyPI...

curl: Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl

Summary: Concurrent SOCKS5 GSS-API authentications share a file-scope global gsscontext without synchronization, causing data races and undefined behavior. - Global context defined at: 52:54:curl/lib/socksgssapi.c static gssctxidt gsscontext = GSSCNOCONTEXT; - Passed by address into the GSS init...

Linux Distros Unpatched Vulnerability : CVE-2022-2469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client CVE-2022-2469 Note that Nessus relies on the presence of the packag...