Updated bind packages fix security vulnerabilities
Publication date: 19 May 2026Modification date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13878 , CVE-2026-1519
Description
It was discovered that bind contained a vulnerability where a Malformed
BRID/HHIT record can cause named to terminate unexpectedly
(CVE-2025-13878).
If a BIND resolver is performing DNSSEC validation and encounters a
maliciously crafted zone, the resolver may consume excessive CPU.
Authoritative-only servers are generally unaffected, although there are
circumstances where authoritative servers may make recursive queries
(CVE-2026-1519).
References
- https://bugs.mageia.org/show_bug.cgi?id=35283
- https://bugs.mageia.org/show_bug.cgi?id=35049
- https://www.openwall.com/lists/oss-security/2026/01/21/3
- https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries
- https://kb.isc.org/docs/cve-2026-1519
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13878
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1519
SRPMS
9/core
- bind-9.18.47-1.mga9