Stay Secure with the Latest Linux Advisories

security advisoryfedoraGSS-API

Fedora 43 BIND 9.18.49 Important Security Fixes for DNS Issues

Update to 9.18.49 (rhbz#2480121) Security Fixes: Limit resolver server list size. (CVE-2026-3592) Fix GSS-API resource leak. (CVE-2026-3039) Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b626e83a45 2026-05-26 01:20:50.020972+00:00 -------------------------------------------------------------------------------- Name : bind Product : Fedora 43 Version : 9.18.49 Release : 1.fc43 URL : https://www.isc.org/downloads/bind/ Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. -------------------------------------------------------------------------------- Update Information: Update to 9.18.49 (rhbz#2480121) Security Fixes: Limit resolver server list size. (CVE-2026-3592) Fix GSS-API resource leak. (CVE-2026-3039) Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946) Avoid unbounded recursion loop. (CVE-2026-5950) Fix outgoing zone transfers' quota issue. Feature Changes: Fix CPU spikes and slow queries when cache approaches memory limit. Bug Fixes: Fix named crash when processing SIG records in dynamic updates. Fix rndc modzone behavior for a zone in named.conf. Fix zone verification of NSEC3 signed zones. Prevent a crash when using both dns64 and filter-aaaa. Fixed an assertion failure when processing catalog zones. Prevent malicious DNSSEC zones from exhausting validator CPU. Fix rndc-confgen aborting on HMAC-SHA-384/512 keys above 512 bits. Prevent crafted queries from degrading RRL performance. Fix a bug in allow-query/allow-transfer catalog zone customproperties. Fix a memory leak issue in catalog zones. Fix suppressed missing-glue check in named-checkzone. Reject record sets too large to serve in DNS. Source: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for- bind-9-18-49 -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2026 Petr Men\u0161k - 32:9.18.49-1 - Update to 9.18.49 (rhbz#2480121) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2480121 - bind-9.18.49 is available https://bugzilla.redhat.com/show_bug.cgi?id=2480121 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b626e83a45' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Discover important security fixes in Fedora 43 BIND 9.18.49, addressing critical resource leaks and recursion issues.. Fedora BIND Update, DNS Security Fixes, CVE-2026-3039, Server Resource Management. . Severity: Important. LinuxSecurity.com Team

May 26, 2026 •Important Fedora