{"schema_version":"1.7.2","id":"OESA-2026-2656","modified":"2026-06-12T12:26:26Z","published":"2026-06-12T12:26:26Z","upstream":["CVE-2026-3039","CVE-2026-3592","CVE-2026-5946"],"summary":"bind security update","details":"BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\n\nBIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.(CVE-2026-3039)\n\nBIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.  If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.(CVE-2026-3592)\n\nMultiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.(CVE-2026-5946)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"bind","purl":"pkg:rpm/openEuler/bind&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.16.23-30.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["bind-9.16.23-30.oe2203sp4.aarch64.rpm","bind-chroot-9.16.23-30.oe2203sp4.aarch64.rpm","bind-debuginfo-9.16.23-30.oe2203sp4.aarch64.rpm","bind-debugsource-9.16.23-30.oe2203sp4.aarch64.rpm","bind-devel-9.16.23-30.oe2203sp4.aarch64.rpm","bind-dnssec-utils-9.16.23-30.oe2203sp4.aarch64.rpm","bind-libs-9.16.23-30.oe2203sp4.aarch64.rpm","bind-pkcs11-9.16.23-30.oe2203sp4.aarch64.rpm","bind-pkcs11-devel-9.16.23-30.oe2203sp4.aarch64.rpm","bind-pkcs11-libs-9.16.23-30.oe2203sp4.aarch64.rpm","bind-pkcs11-utils-9.16.23-30.oe2203sp4.aarch64.rpm","bind-utils-9.16.23-30.oe2203sp4.aarch64.rpm"],"noarch":["bind-dnssec-doc-9.16.23-30.oe2203sp4.noarch.rpm","bind-license-9.16.23-30.oe2203sp4.noarch.rpm","python3-bind-9.16.23-30.oe2203sp4.noarch.rpm"],"src":["bind-9.16.23-30.oe2203sp4.src.rpm"],"x86_64":["bind-9.16.23-30.oe2203sp4.x86_64.rpm","bind-chroot-9.16.23-30.oe2203sp4.x86_64.rpm","bind-debuginfo-9.16.23-30.oe2203sp4.x86_64.rpm","bind-debugsource-9.16.23-30.oe2203sp4.x86_64.rpm","bind-devel-9.16.23-30.oe2203sp4.x86_64.rpm","bind-dnssec-utils-9.16.23-30.oe2203sp4.x86_64.rpm","bind-libs-9.16.23-30.oe2203sp4.x86_64.rpm","bind-pkcs11-9.16.23-30.oe2203sp4.x86_64.rpm","bind-pkcs11-devel-9.16.23-30.oe2203sp4.x86_64.rpm","bind-pkcs11-libs-9.16.23-30.oe2203sp4.x86_64.rpm","bind-pkcs11-utils-9.16.23-30.oe2203sp4.x86_64.rpm","bind-utils-9.16.23-30.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2656"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3592"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5946"}],"database_specific":{"severity":"High"}}