Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Mageia 9 Bind Critical Malformed Record Termination Issues MGASA-2026-0152

mageia
Calendar Grey May 19, 2026
Dist Mageia Esm H88
Updated bind packages in Mageia resolve critical vulnerabilities impacting DNS performance and stability. Avoid risks now.
MGASA-2026-0152 - Updated bind packages fix security vulnerabilities

Summary

Description: It was discovered that bind contained a vulnerability where a Malformed BRID/HHIT record can cause named to terminate unexpectedly (CVE-2025-13878). If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (CVE-2026-1519).

References

- https://bugs.mageia.org/show_bug.cgi?id=35283

- https://bugs.mageia.org/show_bug.cgi?id=35049

- https://www.openwall.com/lists/oss-security/2026/01/21/3

- https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries

- https://kb.isc.org/docs/cve-2026-1519

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13878

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1519

Resolution

SRPMS

- 9/core/bind-9.18.47-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 19 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0152.html
Type: security
CVE: CVE-2025-13878, CVE-2026-1519

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here