Several security issues were fixed in Bind.
Software Description:
- bind9: Internet Domain Name Server
Details:
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API
TKEY negotiation. A remote attacker could possibly use this issue to cause
Bind to use excessive resources, leading to a denial of service.
(CVE-2026-3039)
Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue
records. A remote attacker could possibly use this issue to use Bind in
denial of service amplification attacks against other systems.
(CVE-2026-3592)
Naresh Kandula Parmar discovered that Bind incorrectly handled memory in
the DNS-over-HTTPS implementation. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service, or
execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu
26.04 LTS. (CVE-2026-3593)
It was discovered that Bind incorrectly handled DNS messages whose class
was not IN. A remote attacker coul...
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS bind9 1:9.20.18-1ubuntu2.1 Ubuntu 25.10 bind9 1:9.20.11-1ubuntu2.4 Ubuntu 24.04 LTS bind9 1:9.18.39-0ubuntu0.24.04.5 Ubuntu 22.04 LTS bind9 1:9.18.39-0ubuntu0.22.04.4 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8293-1
CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946,
CVE-2026-5947, CVE-2026-5950
Get the latest Linux and open source security news straight to your inbox.