{"id":"OESA-2026-2655","summary":"bind security update","details":"BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\n\nBIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.(CVE-2026-3039)\n\nBIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.  If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.(CVE-2026-3592)\n\nMultiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.(CVE-2026-5946)","modified":"2026-06-12T12:45:05.447369786Z","published":"2026-06-12T12:26:24Z","upstream":["CVE-2026-3039","CVE-2026-3592","CVE-2026-5946"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2655"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3592"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5946"}],"affected":[{"package":{"name":"bind","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/bind&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.11.21-24.oe2003sp4"}]}],"ecosystem_specific":{"src":["bind-9.11.21-24.oe2003sp4.src.rpm"],"aarch64":["bind-9.11.21-24.oe2003sp4.aarch64.rpm","bind-chroot-9.11.21-24.oe2003sp4.aarch64.rpm","bind-debuginfo-9.11.21-24.oe2003sp4.aarch64.rpm","bind-debugsource-9.11.21-24.oe2003sp4.aarch64.rpm","bind-devel-9.11.21-24.oe2003sp4.aarch64.rpm","bind-export-devel-9.11.21-24.oe2003sp4.aarch64.rpm","bind-export-libs-9.11.21-24.oe2003sp4.aarch64.rpm","bind-libs-9.11.21-24.oe2003sp4.aarch64.rpm","bind-libs-lite-9.11.21-24.oe2003sp4.aarch64.rpm","bind-pkcs11-9.11.21-24.oe2003sp4.aarch64.rpm","bind-pkcs11-devel-9.11.21-24.oe2003sp4.aarch64.rpm","bind-utils-9.11.21-24.oe2003sp4.aarch64.rpm"],"noarch":["python3-bind-9.11.21-24.oe2003sp4.noarch.rpm"],"x86_64":["bind-9.11.21-24.oe2003sp4.x86_64.rpm","bind-chroot-9.11.21-24.oe2003sp4.x86_64.rpm","bind-debuginfo-9.11.21-24.oe2003sp4.x86_64.rpm","bind-debugsource-9.11.21-24.oe2003sp4.x86_64.rpm","bind-devel-9.11.21-24.oe2003sp4.x86_64.rpm","bind-export-devel-9.11.21-24.oe2003sp4.x86_64.rpm","bind-export-libs-9.11.21-24.oe2003sp4.x86_64.rpm","bind-libs-9.11.21-24.oe2003sp4.x86_64.rpm","bind-libs-lite-9.11.21-24.oe2003sp4.x86_64.rpm","bind-pkcs11-9.11.21-24.oe2003sp4.x86_64.rpm","bind-pkcs11-devel-9.11.21-24.oe2003sp4.x86_64.rpm","bind-utils-9.11.21-24.oe2003sp4.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2655.json"}}],"schema_version":"1.7.5"}