175 matches found
Updated bind packages fix security vulnerabilities
Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...
SUSE CVE-2026-5947
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Bind vulnerabilities (USN-8293-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8293-1 advisory. Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could...
USN-8293-1 bind9 vulnerabilities
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...
USN-8293-1: Bind vulnerabilities
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...
kernel security update
An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...
CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...
CVE-2026-5947
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...
CVE-2026-5947
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...
CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...
Linux Distros Unpatched Vulnerability : CVE-2026-5947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begin...
PT-2026-42164
Name of the Vulnerable Software and Affected Versions BIND 9 versions 9.20.0 through 9.20.22 BIND 9 versions 9.21.0 through 9.21.21 BIND 9 versions 9.20.9-S1 through 9.20.22-S1 Description A race condition occurs when BIND receives an incoming DNS message signed with SIG0. While validating the...
CoreDNS TSIG authentication bypass on encrypted DNS transports
...
SUSE CVE-2026-43864
mutt before 2.3.2 has a showsigsummary NULL pointer dereference...
UBUNTU-CVE-2026-43864
mutt before 2.3.2 has a showsigsummary NULL pointer dereference...
CVE-2026-43864
mutt before 2.3.2 has a showsigsummary NULL pointer dereference...
CVE-2026-43864
mutt before 2.3.2 has a showsigsummary NULL pointer dereference...
CVE-2026-43864
mutt before 2.3.2 has a showsigsummary NULL pointer dereference...
CVE-2026-43864
Affected product: mutt. Vulnerability: show_sig_summary NULL pointer dereference in mutt before 2.3.2. Root cause: NULL pointer dereference in show_sig_summary. Impact: low (CVSS: LOW, LOCAL, user interaction required). References indicate a fix in the project history (commit linked). Remediation...
[SECURITY] Fedora 44 Update: kwin-x11-6.6.4-1.fc44
Alternative version of the KDE Window Manager KWin using the legacy X11 win dow system instead of the default Wayland. This version of KWin is required by plasma-workspace-x11, which provides the "Plasma X11" session type. This version is maintained by individual Fedora packagers and NOT supporte...