{"id":"USN-8124-1","summary":"bind9 vulnerabilities","details":"Samy Medjahed discovered that Bind incorrectly handled insecure\ndelegation validation. A remote attacker could possibly use this issue to\ncause excessive NSEC3 iterations, consuming CPU resources, and leading to a\ndenial of service. (CVE-2026-1519)\n\nVitaly Simonovich discovered that Bind incorrectly handled memory when\npreparing DNSSEC proofs of non-existence. A remote attacker could possibly\nuse this issue to cause memory consumption, leading to a denial of service.\nThis issue only affected Ubuntu 25.10. (CVE-2026-3104)\n\nVitaly Simonovich discovered that Bind incorrectly handled authenticated\nqueries containing TKEY records. A remote attacker could possibly use this\nissue to cause Bind to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 25.10. (CVE-2026-3119)\n\nIt was discovered that Bind incorrectly handled DNS queries signed with\nSIG(0). A remote attacker could possibly use this issue to bypass ACLs.\nThis issue only affected Ubuntu 25.10. (CVE-2026-3591)","modified":"2026-04-24T10:11:04.375900Z","published":"2026-03-25T16:32:48Z","related":["UBUNTU-CVE-2026-1519","UBUNTU-CVE-2026-3104","UBUNTU-CVE-2026-3119","UBUNTU-CVE-2026-3591"],"upstream":["CVE-2026-1519","CVE-2026-3104","CVE-2026-3119","CVE-2026-3591","UBUNTU-CVE-2026-1519","UBUNTU-CVE-2026-3104","UBUNTU-CVE-2026-3119","UBUNTU-CVE-2026-3591"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8124-1"}],"affected":[{"package":{"name":"bind9","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/bind9@1:9.18.39-0ubuntu0.22.04.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.18.39-0ubuntu0.22.04.3"}]}],"versions":["1:9.16.15-1ubuntu1","1:9.16.15-1ubuntu2","1:9.16.15-1ubuntu3","1:9.18.0-2ubuntu1","1:9.18.0-2ubuntu2","1:9.18.0-2ubuntu3","1:9.18.1-1ubuntu1","1:9.18.1-1ubuntu1.1","1:9.18.1-1ubuntu1.2","1:9.18.1-1ubuntu1.3","1:9.18.12-0ubuntu0.22.04.1","1:9.18.12-0ubuntu0.22.04.2","1:9.18.12-0ubuntu0.22.04.3","1:9.18.18-0ubuntu0.22.04.1","1:9.18.18-0ubuntu0.22.04.2","1:9.18.24-0ubuntu0.22.04.1","1:9.18.28-0ubuntu0.22.04.1","1:9.18.30-0ubuntu0.22.04.1","1:9.18.30-0ubuntu0.22.04.2","1:9.18.39-0ubuntu0.22.04.1","1:9.18.39-0ubuntu0.22.04.2"],"ecosystem_specific":{"binaries":[{"binary_name":"bind9","binary_version":"1:9.18.39-0ubuntu0.22.04.3"},{"binary_name":"bind9-dnsutils","binary_version":"1:9.18.39-0ubuntu0.22.04.3"},{"binary_name":"bind9-host","binary_version":"1:9.18.39-0ubuntu0.22.04.3"},{"binary_name":"bind9-libs","binary_version":"1:9.18.39-0ubuntu0.22.04.3"},{"binary_name":"bind9-utils","binary_version":"1:9.18.39-0ubuntu0.22.04.3"},{"binary_name":"bind9utils","binary_version":"1:9.18.39-0ubuntu0.22.04.3"},{"binary_name":"dnsutils","binary_version":"1:9.18.39-0ubuntu0.22.04.3"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8124-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]}}},{"package":{"name":"bind9","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/bind9@1:9.18.39-0ubuntu0.24.04.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.18.39-0ubuntu0.24.04.3"}]}],"versions":["1:9.18.18-0ubuntu2","1:9.18.21-0ubuntu1","1:9.18.24-0ubuntu3","1:9.18.24-0ubuntu4","1:9.18.24-0ubuntu5","1:9.18.28-0ubuntu0.24.04.1","1:9.18.30-0ubuntu0.24.04.1","1:9.18.30-0ubuntu0.24.04.2","1:9.18.39-0ubuntu0.24.04.1","1:9.18.39-0ubuntu0.24.04.2"],"ecosystem_specific":{"binaries":[{"binary_name":"bind9","binary_version":"1:9.18.39-0ubuntu0.24.04.3"},{"binary_name":"bind9-dnsutils","binary_version":"1:9.18.39-0ubuntu0.24.04.3"},{"binary_name":"bind9-host","binary_version":"1:9.18.39-0ubuntu0.24.04.3"},{"binary_name":"bind9-libs","binary_version":"1:9.18.39-0ubuntu0.24.04.3"},{"binary_name":"bind9-utils","binary_version":"1:9.18.39-0ubuntu0.24.04.3"},{"binary_name":"bind9utils","binary_version":"1:9.18.39-0ubuntu0.24.04.3"},{"binary_name":"dnsutils","binary_version":"1:9.18.39-0ubuntu0.24.04.3"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8124-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[]}}},{"package":{"name":"bind9","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/bind9@1:9.20.11-1ubuntu2.2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.20.11-1ubuntu2.2"}]}],"versions":["1:9.20.4-3ubuntu1","1:9.20.4-3ubuntu2","1:9.20.4-3ubuntu3","1:9.20.9-2ubuntu1","1:9.20.10-1ubuntu1","1:9.20.11-1ubuntu1","1:9.20.11-1ubuntu2","1:9.20.11-1ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_name":"bind9","binary_version":"1:9.20.11-1ubuntu2.2"},{"binary_name":"bind9-dnsutils","binary_version":"1:9.20.11-1ubuntu2.2"},{"binary_name":"bind9-host","binary_version":"1:9.20.11-1ubuntu2.2"},{"binary_name":"bind9-libs","binary_version":"1:9.20.11-1ubuntu2.2"},{"binary_name":"bind9-utils","binary_version":"1:9.20.11-1ubuntu2.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8124-1.json","cves_map":{"ecosystem":"Ubuntu:25.10","cves":[]}}}],"schema_version":"1.7.5"}