SUSE Package Hub - SUSE-PackageHub-16.0-573

Update Info

SUSE-PackageHub-16.0-573

Security update for bind

Type: security

Severity: important

Issued: 2026-04-16

Description:

This update for bind fixes the following issues:

- Update to release 9.20.21
- CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805).
- CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567).
- CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568).
- CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569).

References

CVE: CVE-2026-3591
CVE: CVE-2026-3119
CVE: CVE-2026-3104
CVE: CVE-2026-1519
Bugzilla: 1260805 VUL-0: CVE-2026-1519: bind: maliciously crafted DNSSEC-validated zone can lead to denial of service
Bugzilla: 1260569 VUL-0: CVE-2026-3591: bind: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass
Bugzilla: 1260568 VUL-0: CVE-2026-3119: bind: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly
Bugzilla: 1260567 VUL-0: CVE-2026-3104: bind: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS
Bugzilla: 1259202 VUL-1: bind: use-after-free error in `dns_client_resolve()` triggered by a DNAME response

Packages

bind-9.20.21-160000.1.1