SB2026052213 - Fedora 43 update for bind, bind-dyndb-ldap

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026052213

SB2026052213 - Fedora 43 update for bind, bind-dyndb-ldap

Published: May 22, 2026

Security Bulletin ID SB2026052213
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2026-3592)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper handling of self-pointed glue records in BIND resolver processing when resolving names in a specially crafted zone. A remote attacker can induce the resolver to query a specially crafted zone to cause a denial of service.

The issue predominantly affects recursive resolvers. Authoritative-only servers containing only trustworthy zones and names are believed to be unaffected.


2) Memory leak (CVE-ID: CVE-2026-3039)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper resource management in the GSS-API TKEY negotiation handling in BIND 9 when processing maliciously constructed packets. A remote attacker can send specially crafted packets to cause a denial of service.

Only servers configured to use TKEY-based authentication via GSS-API tokens are vulnerable.


3) Improper handling of exceptional conditions (CVE-ID: CVE-2026-5946)

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper handling of non-internet dns class values in named when processing specially crafted dns messages. A remote attacker can send specially crafted dns messages to cause a denial of service.

Affected code paths include recursion, dynamic updates, zone change notifications, and processing of IN-specific record types in non-IN data. Both authoritative servers and resolvers are affected.


4) Resource exhaustion (CVE-ID: CVE-2026-5950)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper control of resource consumption in the resolver state machine bad-server handling in BIND 9 when processing queries that trigger specific retry conditions. A remote attacker can send specially crafted queries to cause a denial of service.

Resolvers are affected, while authoritative services are believed to be unaffected.


Remediation

Install update from vendor's website.

References