Updated bind packages fix security vulnerabilities
Publication date: 29 May 2026
Modification date: 29 May 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950
Description
Updated bind package fixes security vulnerabilities:
* BIND 9 server memory exhaustion during GSS-API TKEY negotiation
(CVE-2026-3039)
* Amplification vulnerabilities via self-pointed glue records
(CVE-2026-3592)
* Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS
implementation (CVE-2026-3593)
* Invalid handling of CLASS != IN (CVE-2026-5946)
* SIG(0) validation during query flood may lead to undefined behavior
(CVE-2026-5947)
* Unbounded resend loop in BIND 9 resolver (CVE-2026-5950)
References
- https://bugs.mageia.org/show_bug.cgi?id=35557
- https://www.openwall.com/lists/oss-security/2026/05/20/11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3039
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5946
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5950
SRPMS
9/core
- bind-9.18.49-1.mga9