Fedora 43 BIND 9.18.49 Important Security Fixes for DNS Issues

BIND (Berkeley Internet Name Domain) is an implementation of the DNS

(Domain Name System) protocols. BIND includes a DNS server (named),

which resolves host names to IP addresses; a resolver library

(routines for applications to use when interfacing with DNS); and

tools for verifying that the DNS server is operating properly.

Update to 9.18.49 (rhbz#2480121) Security Fixes: Limit resolver server list size. (CVE-2026-3592) Fix GSS-API resource leak. (CVE-2026-3039) Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946) Avoid unbounded recursion loop. (CVE-2026-5950) Fix outgoing zone transfers' quota issue. Feature Changes: Fix CPU spikes and slow queries when cache approaches memory limit. Bug Fixes: Fix named crash when processing SIG records in dynamic updates. Fix rndc modzone behavior for a zone in named.conf. Fix zone verification of NSEC3 signed zones. Prevent a crash when using both dns64 and filter-aaaa. Fixed an assertion failure when processing catalog zones. Prevent malicious DNSSEC zones from exhausting validator CPU. Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits. Prevent crafted queries from degrading RRL performance. Fix a bug in allow-query/allow-transfer catalog zone custom properties. Fix a memory leak issue in catalog zones. Fix suppressed missing-gl...