Alerts This Week
Warning Icon 1 1,220
Alerts This Week
Warning Icon 1 1,220

SUSE BIND Important Memory Exhaustion Denial of Service Vuln 2026-2673-1

suse
Calendar Grey June 29, 2026
Dist Suse Esm H88
Critical security update for BIND on SUSE addresses multiple vulnerabilities, enhancing system protection and stability.
An update that solves five vulnerabilities and has one security fix can now be installed.

Summary

## This update for bind fixes the following issues: Security issues: * CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591). * CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592). * CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594). * CVE-2026-5947: SIG(0) validation during query flood may lead to undefined behavior (bsc#1265595). * CVE-2026-5950: Unbounded resend loop in BIND 9 resolver (bsc#1265596). Non security issue: * bind test failed with version 9.20.21 (bsc#1263494). * Upgrade to release 9.20.23 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory denial of service SuSE bind important memory exhaustion

References

* bsc#1263494

* bsc#1265591

* bsc#1265592

* bsc#1265594

* bsc#1265595

* bsc#1265596

Cross-

* CVE-2026-3039

* CVE-2026-3592

* CVE-2026-5946

* CVE-2026-5947

* CVE-2026-5950

CVSS scores:

* CVE-2026-3039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-3039 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-3592 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-3592 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-5946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-5946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-5947 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-5947 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2673-1
Release Date: 2026-06-29T09:32:13Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service SuSE bind important memory exhaustion

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here