Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-13878 (GCVE-0-2025-13878)
Vulnerability from cvelistv5 – Published: 2026-01-21 14:43 – Updated: 2026-01-21 18:13
VLAI?
EPSS
Title
Malformed BRID/HHIT records can cause named to terminate unexpectedly
Summary
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Date Public ?
2026-01-21 00:00
Credits
ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T14:57:50.807267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T14:58:14.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-21T18:13:38.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/21/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.18.43",
"status": "affected",
"version": "9.18.40",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.17",
"status": "affected",
"version": "9.20.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.16",
"status": "affected",
"version": "9.21.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.43-S1",
"status": "affected",
"version": "9.18.40-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.17-S1",
"status": "affected",
"version": "9.20.13-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.43",
"versionStartIncluding": "9.18.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.17",
"versionStartIncluding": "9.20.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.16",
"versionStartIncluding": "9.21.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.43-S1",
"versionStartIncluding": "9.18.40-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.17-S1",
"versionStartIncluding": "9.20.13-S1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can cause `named` to crash by sending a request that results in a corrupt or malicious record."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T14:43:27.260Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-13878",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-13878"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.18.44"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.18"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.17"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.44, 9.20.18, 9.21.17, 9.18.44-S1, or 9.20.18-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Malformed BRID/HHIT records can cause named to terminate unexpectedly",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-13878",
"datePublished": "2026-01-21T14:43:27.260Z",
"dateReserved": "2025-12-02T11:08:04.266Z",
"dateUpdated": "2026-01-21T18:13:38.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-13878",
"date": "2026-05-04",
"epss": "0.00043",
"percentile": "0.12818"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-13878\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2026-01-21T15:16:05.650\",\"lastModified\":\"2026-01-26T15:04:59.737\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"references\":[{\"url\":\"https://downloads.isc.org/isc/bind9/9.18.44\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://downloads.isc.org/isc/bind9/9.20.18\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://downloads.isc.org/isc/bind9/9.21.17\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://kb.isc.org/docs/cve-2025-13878\",\"source\":\"security-officer@isc.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/01/21/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/01/21/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-01-21T18:13:38.157Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13878\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-21T14:57:50.807267Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-21T14:58:00.482Z\"}}], \"cna\": {\"title\": \"Malformed BRID/HHIT records can cause named to terminate unexpectedly\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing this vulnerability to our attention.\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker can cause `named` to crash by sending a request that results in a corrupt or malicious record.\"}]}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ISC\", \"product\": \"BIND 9\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.18.40\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.18.43\"}, {\"status\": \"affected\", \"version\": \"9.20.13\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.20.17\"}, {\"status\": \"affected\", \"version\": \"9.21.12\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.21.16\"}, {\"status\": \"affected\", \"version\": \"9.18.40-S1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.18.43-S1\"}, {\"status\": \"affected\", \"version\": \"9.20.13-S1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.20.17-S1\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"We are not aware of any active exploits.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.44, 9.20.18, 9.21.17, 9.18.44-S1, or 9.20.18-S1.\"}], \"datePublic\": \"2026-01-21T00:00:00.000Z\", \"references\": [{\"url\": \"https://kb.isc.org/docs/cve-2025-13878\", \"name\": \"CVE-2025-13878\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://downloads.isc.org/isc/bind9/9.18.44\", \"tags\": [\"patch\"]}, {\"url\": \"https://downloads.isc.org/isc/bind9/9.20.18\", \"tags\": [\"patch\"]}, {\"url\": \"https://downloads.isc.org/isc/bind9/9.21.17\", \"tags\": [\"patch\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"No workarounds known.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-617\", \"description\": \"CWE-617 Reachable Assertion\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"9.18.43\", \"versionStartIncluding\": \"9.18.40\"}, {\"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"9.20.17\", \"versionStartIncluding\": \"9.20.13\"}, {\"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"9.21.16\", \"versionStartIncluding\": \"9.21.12\"}, {\"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"9.18.43-S1\", \"versionStartIncluding\": \"9.18.40-S1\"}, {\"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"9.20.17-S1\", \"versionStartIncluding\": \"9.20.13-S1\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"404fd4d2-a609-4245-b543-2c944a302a22\", \"shortName\": \"isc\", \"dateUpdated\": \"2026-01-21T14:43:27.260Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-13878\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-21T18:13:38.157Z\", \"dateReserved\": \"2025-12-02T11:08:04.266Z\", \"assignerOrgId\": \"404fd4d2-a609-4245-b543-2c944a302a22\", \"datePublished\": \"2026-01-21T14:43:27.260Z\", \"assignerShortName\": \"isc\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
NCSC-2026-0038
Vulnerability from csaf_ncscnl - Published: 2026-01-23 08:54 - Updated: 2026-01-23 08:54Summary
Kwetsbaarheid verholpen in BIND 9
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: ICS heeft een kwetsbaarheid verholpen in BIND 9.
Interpretaties: De kwetsbaarheid bevindt zich in bepaalde versies van BIND 9, waar verkeerd gevormde BRID/HHIT-records kunnen leiden tot de onverwachte beëindiging van de `named`-service, die cruciaal is voor DNS-resolutie. Deze kwetsbaarheid stelt aanvallers in staat om de service te laten crashen door middel van speciaal vervaardigde verzoeken, wat resulteert in een denial-of-service en de beschikbaarheid van DNS-diensten beïnvloedt.
Oplossingen: ICS heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-617: Reachable Assertion
CWE-1286: Improper Validation of Syntactic Correctness of Input
Malformed BRID/HHIT records in specific BIND 9 versions can cause the `named` service to crash, leading to a denial of service for DNS resolution.
7.5 (High)
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "ICS heeft een kwetsbaarheid verholpen in BIND 9.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheid bevindt zich in bepaalde versies van BIND 9, waar verkeerd gevormde BRID/HHIT-records kunnen leiden tot de onverwachte be\u00ebindiging van de `named`-service, die cruciaal is voor DNS-resolutie. Deze kwetsbaarheid stelt aanvallers in staat om de service te laten crashen door middel van speciaal vervaardigde verzoeken, wat resulteert in een denial-of-service en de beschikbaarheid van DNS-diensten be\u00efnvloedt.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "ICS heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://kb.isc.org/docs/cve-2025-13878"
}
],
"title": "Kwetsbaarheid verholpen in BIND 9",
"tracking": {
"current_release_date": "2026-01-23T08:54:43.506215Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0038",
"initial_release_date": "2026-01-23T08:54:43.506215Z",
"revision_history": [
{
"date": "2026-01-23T08:54:43.506215Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "BIND 9"
}
],
"category": "vendor",
"name": "ISC"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13878",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "other",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "description",
"text": "Malformed BRID/HHIT records in specific BIND 9 versions can cause the `named` service to crash, leading to a denial of service for DNS resolution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-13878 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-13878.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-13878"
}
]
}
RHSA-2026:6935
Vulnerability from csaf_redhat - Published: 2026-04-07 23:30 - Updated: 2026-04-28 15:19Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.
A flaw was found in bind. A remote attacker can send a specially crafted request that results in a corrupt or malicious record, causing the 'named' service to crash. This vulnerability leads to a Denial of Service (DoS) for authoritative servers and resolvers.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
8.6 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.
A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service (DoS) for legitimate users.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
To mitigate this issue, disable DNSSEC validation on affected BIND resolvers. Alternatively, configure the BIND server as authoritative-only if recursive queries are not required. Disabling DNSSEC validation may reduce the security posture of the DNS resolver. A restart of the BIND service (`named`) is required for these changes to take effect and may temporarily interrupt DNS resolution.
A flaw was found in the BIND resolver. A remote attacker can exploit this vulnerability by querying a specially crafted domain, which causes a memory leak. This memory leak can lead to a Denial of Service (DoS) condition, making the BIND resolver unavailable to legitimate users.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
To mitigate this issue, restrict access to the BIND resolver to trusted clients only. This can be achieved by configuring firewall rules to limit inbound connections to port 53 (UDP/TCP) from known, authorized IP addresses or networks. Alternatively, configure BIND to listen only on specific trusted interfaces or localhost.
Example using firewalld:
`firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<TRUSTED_IP_OR_NETWORK>" port port=53 protocol="udp" accept'`
`firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<TRUSTED_IP_OR_NETWORK>" port port=53 protocol="tcp" accept'`
`firewall-cmd --reload`
After applying changes, a restart of the BIND service may be required for the new configuration to take full effect. This may temporarily interrupt DNS resolution services.
A flaw was found in BIND, specifically within the `named` daemon. An authenticated remote attacker, possessing a valid Transaction Signature (TSIG) key configured on the server, could send a specially crafted query containing a TKEY record. This action may cause the `named` daemon to crash, leading to a Denial of Service (DoS) for the affected DNS service.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
To mitigate this issue, restrict access to the `named` service to only trusted networks and clients. If Transaction Signature (TSIG) keys are not actively used or required, consider disabling them in the BIND configuration. If TSIG keys are necessary, ensure they are securely managed and only distributed to authorized clients. After making configuration changes, a restart of the `named` service may be required to apply the changes, which could temporarily impact DNS resolution.
A flaw was found in BIND, specifically in the named server's handling of DNS queries signed with SIG(0). A remote attacker could exploit this use-after-return vulnerability by sending a specially-crafted DNS request. This could cause an Access Control List (ACL) to improperly match an IP address, potentially leading to unauthorized access to resources.
5.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://images.redhat.com/
https://access.redhat.com/errata/RHSA-2026:6935
Workaround
Restrict network access to the `named` service to trusted clients and networks. Configure firewall rules to limit inbound connections to the DNS service port (UDP/TCP 53). For example, using `firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<TRUSTED_IP_RANGE>" port port="53" protocol="udp" accept'` and `firewall-cmd --reload`. This action may impact DNS resolution for clients outside the specified trusted networks. A service reload or restart may be required for changes to take effect.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6935",
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8677",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-40780",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-40778",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13878",
"url": "https://access.redhat.com/security/cve/CVE-2025-13878"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3591",
"url": "https://access.redhat.com/security/cve/CVE-2026-3591"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3119",
"url": "https://access.redhat.com/security/cve/CVE-2026-3119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3104",
"url": "https://access.redhat.com/security/cve/CVE-2026-3104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1519",
"url": "https://access.redhat.com/security/cve/CVE-2026-1519"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6935.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-04-28T15:19:49+00:00",
"generator": {
"date": "2026-04-28T15:19:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.6"
}
},
"id": "RHSA-2026:6935",
"initial_release_date": "2026-04-07T23:30:26+00:00",
"revision_history": [
{
"date": "2026-04-07T23:30:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T19:59:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-28T15:19:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-main@aarch64",
"product": {
"name": "bind-main@aarch64",
"product_id": "bind-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind@9.18.48-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-main@src",
"product": {
"name": "bind-main@src",
"product_id": "bind-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind@9.18.48-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-main@x86_64",
"product": {
"name": "bind-main@x86_64",
"product_id": "bind-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind@9.18.48-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-main@noarch",
"product": {
"name": "bind-main@noarch",
"product_id": "bind-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-doc@9.18.48-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:bind-main@aarch64"
},
"product_reference": "bind-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:bind-main@noarch"
},
"product_reference": "bind-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:bind-main@src"
},
"product_reference": "bind-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:bind-main@x86_64"
},
"product_reference": "bind-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405830"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Resource exhaustion via malformed DNSKEY handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it allows a remote, unauthenticated attacker to cause significant CPU exhaustion on vulnerable BIND resolvers by serving zones containing malformed DNSKEY records. The flaw triggers excessive computational effort during DNSKEY validation, leading to degraded performance and potential denial of service for legitimate clients. However, the issue affects availability only\u2014it does not enable code execution, data exposure, or privilege escalation\u2014so it is not classified as critical. Furthermore, authoritative servers are not impacted, limiting the scope of exposure to recursive resolvers. While the attack is easy to launch and can disrupt DNS operations, its effect ceases once the malicious traffic stops, making prompt patching and recursive access control effective mitigations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "RHBZ#2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Resource exhaustion via malformed DNSKEY handling"
},
{
"cve": "CVE-2025-13878",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-01-21T13:45:49.972000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431600"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bind. A remote attacker can send a specially crafted request that results in a corrupt or malicious record, causing the \u0027named\u0027 service to crash. This vulnerability leads to a Denial of Service (DoS) for authoritative servers and resolvers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: bind: Denial of Service via corrupt or malicious record",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects the BIND DNS server (named). An attacker can cause the named service to crash by sending a specially crafted request, impacting both authoritative and resolver server configurations. This can lead to a denial of service for DNS resolution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13878"
},
{
"category": "external",
"summary": "RHBZ#2431600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13878"
}
],
"release_date": "2026-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: bind: Denial of Service via corrupt or malicious record"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-40780",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405829"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver\u2019s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning due to weak PRNG",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in BIND 9 resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG) used to select the UDP source port and DNS query (transaction) ID. Exploitation requires an attacker to correctly predict both values and race the legitimate authoritative response with a spoofed packet to perform cache poisoning. While the PRNG weakness reduces entropy and makes prediction feasible under certain conditions, this still requires precise timing, on-path or spoofing capabilities, and targeting of recursive resolvers.\n\nThe impact is limited to resolver cache integrity; it does not allow remote code execution, privilege escalation, or direct compromise of the BIND server itself. Authoritative servers are not affected. Additionally, operational mitigations such as DNSSEC validation, access control restricting recursion, and network-level packet filtering reduce real-world exploitability. No active exploits have been observed in the wild.\n\nBecause exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "RHBZ#2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning due to weak PRNG"
},
{
"cve": "CVE-2026-1519",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-25T14:01:56.586125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service (DoS) for legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important. A flaw in BIND allows a remote attacker to cause a Denial of Service by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. Red Hat systems running BIND configured for DNSSEC validation are affected. Authoritative-only BIND servers are generally not impacted unless configured to perform recursive queries.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1519"
},
{
"category": "external",
"summary": "RHBZ#2451305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1519",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1519"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.18.47",
"url": "https://downloads.isc.org/isc/bind9/9.18.47"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.20.21",
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.21.20",
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2026-1519",
"url": "https://kb.isc.org/docs/cve-2026-1519"
}
],
"release_date": "2026-03-25T13:25:19.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable DNSSEC validation on affected BIND resolvers. Alternatively, configure the BIND server as authoritative-only if recursive queries are not required. Disabling DNSSEC validation may reduce the security posture of the DNS resolver. A restart of the BIND service (`named`) is required for these changes to take effect and may temporarily interrupt DNS resolution.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone"
},
{
"cve": "CVE-2026-3104",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-03-25T14:02:15.067111+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the BIND resolver. A remote attacker can exploit this vulnerability by querying a specially crafted domain, which causes a memory leak. This memory leak can lead to a Denial of Service (DoS) condition, making the BIND resolver unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: BIND: Denial of Service via specially crafted domain query causing a memory leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in BIND 9. A remote attacker can trigger a memory leak in the BIND resolver by sending a specially crafted domain query, potentially exhausting system resources. Red Hat Enterprise Linux versions shipping BIND 9.18 are not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3104"
},
{
"category": "external",
"summary": "RHBZ#2451310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3104",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3104"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.20.21",
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.21.20",
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2026-3104",
"url": "https://kb.isc.org/docs/cve-2026-3104"
}
],
"release_date": "2026-03-25T13:29:19.494000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict access to the BIND resolver to trusted clients only. This can be achieved by configuring firewall rules to limit inbound connections to port 53 (UDP/TCP) from known, authorized IP addresses or networks. Alternatively, configure BIND to listen only on specific trusted interfaces or localhost.\n\nExample using firewalld:\n`firewall-cmd --permanent --add-rich-rule=\u0027rule family=\"ipv4\" source address=\"\u003cTRUSTED_IP_OR_NETWORK\u003e\" port port=53 protocol=\"udp\" accept\u0027`\n`firewall-cmd --permanent --add-rich-rule=\u0027rule family=\"ipv4\" source address=\"\u003cTRUSTED_IP_OR_NETWORK\u003e\" port port=53 protocol=\"tcp\" accept\u0027`\n`firewall-cmd --reload`\n\nAfter applying changes, a restart of the BIND service may be required for the new configuration to take full effect. This may temporarily interrupt DNS resolution services.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: BIND: Denial of Service via specially crafted domain query causing a memory leak"
},
{
"cve": "CVE-2026-3119",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"discovery_date": "2026-03-25T14:02:07.297575+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451308"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BIND, specifically within the `named` daemon. An authenticated remote attacker, possessing a valid Transaction Signature (TSIG) key configured on the server, could send a specially crafted query containing a TKEY record. This action may cause the `named` daemon to crash, leading to a Denial of Service (DoS) for the affected DNS service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: BIND: Denial of Service via authenticated TKEY queries",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in BIND 9\u0027s `named` component can lead to a Denial of Service if an attacker with a valid Transaction Signature (TSIG) key sends a specially crafted query. Red Hat Enterprise Linux 8 and 9 are affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3119"
},
{
"category": "external",
"summary": "RHBZ#2451308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3119"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.20.21",
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.21.20",
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2026-3119",
"url": "https://kb.isc.org/docs/cve-2026-3119"
}
],
"release_date": "2026-03-25T13:31:54.806000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict access to the `named` service to only trusted networks and clients. If Transaction Signature (TSIG) keys are not actively used or required, consider disabling them in the BIND configuration. If TSIG keys are necessary, ensure they are securely managed and only distributed to authorized clients. After making configuration changes, a restart of the `named` service may be required to apply the changes, which could temporarily impact DNS resolution.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bind: BIND: Denial of Service via authenticated TKEY queries"
},
{
"cve": "CVE-2026-3591",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-25T14:01:21.633259+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BIND, specifically in the named server\u0027s handling of DNS queries signed with SIG(0). A remote attacker could exploit this use-after-return vulnerability by sending a specially-crafted DNS request. This could cause an Access Control List (ACL) to improperly match an IP address, potentially leading to unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: BIND: Unauthorized access due to use-after-return vulnerability in DNS query handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Moderate impact. A use-after-return flaw in the `named` server of `bind9` allows a remote attacker to send a specially-crafted DNS request signed with SIG(0). This can lead to improper Access Control List (ACL) matching, potentially granting unauthorized access to resources. Red Hat Enterprise Linux 8 and 9 ship with BIND versions 9.16 and 9.18 respectively, which are not affected by this flaw. Red Hat Enterprise Linux 10 is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3591"
},
{
"category": "external",
"summary": "RHBZ#2451298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3591",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3591"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3591",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3591"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.20.21",
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"category": "external",
"summary": "https://downloads.isc.org/isc/bind9/9.21.20",
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2026-3591",
"url": "https://kb.isc.org/docs/cve-2026-3591"
}
],
"release_date": "2026-03-25T13:34:14.202000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T23:30:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"category": "workaround",
"details": "Restrict network access to the `named` service to trusted clients and networks. Configure firewall rules to limit inbound connections to the DNS service port (UDP/TCP 53). For example, using `firewall-cmd --permanent --add-rich-rule=\u0027rule family=\"ipv4\" source address=\"\u003cTRUSTED_IP_RANGE\u003e\" port port=\"53\" protocol=\"udp\" accept\u0027` and `firewall-cmd --reload`. This action may impact DNS resolution for clients outside the specified trusted networks. A service reload or restart may be required for changes to take effect.",
"product_ids": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:bind-main@aarch64",
"Red Hat Hardened Images:bind-main@noarch",
"Red Hat Hardened Images:bind-main@src",
"Red Hat Hardened Images:bind-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bind: BIND: Unauthorized access due to use-after-return vulnerability in DNS query handling"
}
]
}
OPENSUSE-SU-2026:10080-1
Vulnerability from csaf_opensuse - Published: 2026-01-22 00:00 - Updated: 2026-01-22 00:00Summary
bind-9.20.18-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: bind-9.20.18-1.1 on GA media
Description of the patch: These are all security issues fixed in the bind-9.20.18-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10080
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "bind-9.20.18-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the bind-9.20.18-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10080",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10080-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13878/"
}
],
"title": "bind-9.20.18-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-22T00:00:00Z",
"generator": {
"date": "2026-01-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10080-1",
"initial_release_date": "2026-01-22T00:00:00Z",
"revision_history": [
{
"date": "2026-01-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-1.1.aarch64",
"product": {
"name": "bind-9.20.18-1.1.aarch64",
"product_id": "bind-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-doc-9.20.18-1.1.aarch64",
"product": {
"name": "bind-doc-9.20.18-1.1.aarch64",
"product_id": "bind-doc-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-1.1.aarch64",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.aarch64",
"product_id": "bind-modules-bdbhpt-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-1.1.aarch64",
"product": {
"name": "bind-modules-generic-9.20.18-1.1.aarch64",
"product_id": "bind-modules-generic-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-1.1.aarch64",
"product": {
"name": "bind-modules-ldap-9.20.18-1.1.aarch64",
"product_id": "bind-modules-ldap-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-1.1.aarch64",
"product": {
"name": "bind-modules-mysql-9.20.18-1.1.aarch64",
"product_id": "bind-modules-mysql-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-1.1.aarch64",
"product": {
"name": "bind-modules-perl-9.20.18-1.1.aarch64",
"product_id": "bind-modules-perl-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-1.1.aarch64",
"product": {
"name": "bind-modules-sqlite3-9.20.18-1.1.aarch64",
"product_id": "bind-modules-sqlite3-9.20.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-1.1.aarch64",
"product": {
"name": "bind-utils-9.20.18-1.1.aarch64",
"product_id": "bind-utils-9.20.18-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-9.20.18-1.1.ppc64le",
"product_id": "bind-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-doc-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-doc-9.20.18-1.1.ppc64le",
"product_id": "bind-doc-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.ppc64le",
"product_id": "bind-modules-bdbhpt-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-modules-generic-9.20.18-1.1.ppc64le",
"product_id": "bind-modules-generic-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-modules-ldap-9.20.18-1.1.ppc64le",
"product_id": "bind-modules-ldap-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-modules-mysql-9.20.18-1.1.ppc64le",
"product_id": "bind-modules-mysql-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-modules-perl-9.20.18-1.1.ppc64le",
"product_id": "bind-modules-perl-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-modules-sqlite3-9.20.18-1.1.ppc64le",
"product_id": "bind-modules-sqlite3-9.20.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-1.1.ppc64le",
"product": {
"name": "bind-utils-9.20.18-1.1.ppc64le",
"product_id": "bind-utils-9.20.18-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-1.1.s390x",
"product": {
"name": "bind-9.20.18-1.1.s390x",
"product_id": "bind-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-doc-9.20.18-1.1.s390x",
"product": {
"name": "bind-doc-9.20.18-1.1.s390x",
"product_id": "bind-doc-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-1.1.s390x",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.s390x",
"product_id": "bind-modules-bdbhpt-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-1.1.s390x",
"product": {
"name": "bind-modules-generic-9.20.18-1.1.s390x",
"product_id": "bind-modules-generic-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-1.1.s390x",
"product": {
"name": "bind-modules-ldap-9.20.18-1.1.s390x",
"product_id": "bind-modules-ldap-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-1.1.s390x",
"product": {
"name": "bind-modules-mysql-9.20.18-1.1.s390x",
"product_id": "bind-modules-mysql-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-1.1.s390x",
"product": {
"name": "bind-modules-perl-9.20.18-1.1.s390x",
"product_id": "bind-modules-perl-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-1.1.s390x",
"product": {
"name": "bind-modules-sqlite3-9.20.18-1.1.s390x",
"product_id": "bind-modules-sqlite3-9.20.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-1.1.s390x",
"product": {
"name": "bind-utils-9.20.18-1.1.s390x",
"product_id": "bind-utils-9.20.18-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-1.1.x86_64",
"product": {
"name": "bind-9.20.18-1.1.x86_64",
"product_id": "bind-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-doc-9.20.18-1.1.x86_64",
"product": {
"name": "bind-doc-9.20.18-1.1.x86_64",
"product_id": "bind-doc-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-1.1.x86_64",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.x86_64",
"product_id": "bind-modules-bdbhpt-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-1.1.x86_64",
"product": {
"name": "bind-modules-generic-9.20.18-1.1.x86_64",
"product_id": "bind-modules-generic-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-1.1.x86_64",
"product": {
"name": "bind-modules-ldap-9.20.18-1.1.x86_64",
"product_id": "bind-modules-ldap-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-1.1.x86_64",
"product": {
"name": "bind-modules-mysql-9.20.18-1.1.x86_64",
"product_id": "bind-modules-mysql-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-1.1.x86_64",
"product": {
"name": "bind-modules-perl-9.20.18-1.1.x86_64",
"product_id": "bind-modules-perl-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-1.1.x86_64",
"product": {
"name": "bind-modules-sqlite3-9.20.18-1.1.x86_64",
"product_id": "bind-modules-sqlite3-9.20.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-1.1.x86_64",
"product": {
"name": "bind-utils-9.20.18-1.1.x86_64",
"product_id": "bind-utils-9.20.18-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-9.20.18-1.1.aarch64"
},
"product_reference": "bind-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-9.20.18-1.1.s390x"
},
"product_reference": "bind-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-9.20.18-1.1.x86_64"
},
"product_reference": "bind-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-doc-9.20.18-1.1.aarch64"
},
"product_reference": "bind-doc-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-doc-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-doc-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-doc-9.20.18-1.1.s390x"
},
"product_reference": "bind-doc-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-doc-9.20.18-1.1.x86_64"
},
"product_reference": "bind-doc-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.aarch64"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.s390x"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.x86_64"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.aarch64"
},
"product_reference": "bind-modules-generic-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-modules-generic-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.s390x"
},
"product_reference": "bind-modules-generic-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.x86_64"
},
"product_reference": "bind-modules-generic-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.aarch64"
},
"product_reference": "bind-modules-ldap-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-modules-ldap-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.s390x"
},
"product_reference": "bind-modules-ldap-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.x86_64"
},
"product_reference": "bind-modules-ldap-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.aarch64"
},
"product_reference": "bind-modules-mysql-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-modules-mysql-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.s390x"
},
"product_reference": "bind-modules-mysql-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.x86_64"
},
"product_reference": "bind-modules-mysql-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.aarch64"
},
"product_reference": "bind-modules-perl-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-modules-perl-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.s390x"
},
"product_reference": "bind-modules-perl-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.x86_64"
},
"product_reference": "bind-modules-perl-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.aarch64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-modules-sqlite3-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.s390x"
},
"product_reference": "bind-modules-sqlite3-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.x86_64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-utils-9.20.18-1.1.aarch64"
},
"product_reference": "bind-utils-9.20.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-utils-9.20.18-1.1.ppc64le"
},
"product_reference": "bind-utils-9.20.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-utils-9.20.18-1.1.s390x"
},
"product_reference": "bind-utils-9.20.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bind-utils-9.20.18-1.1.x86_64"
},
"product_reference": "bind-utils-9.20.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13878"
}
],
"notes": [
{
"category": "general",
"text": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bind-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13878",
"url": "https://www.suse.com/security/cve/CVE-2025-13878"
},
{
"category": "external",
"summary": "SUSE Bug 1256997 for CVE-2025-13878",
"url": "https://bugzilla.suse.com/1256997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bind-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bind-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-doc-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-bdbhpt-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-generic-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-ldap-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-mysql-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-perl-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-modules-sqlite3-9.20.18-1.1.x86_64",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.aarch64",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.ppc64le",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.s390x",
"openSUSE Tumbleweed:bind-utils-9.20.18-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-13878"
}
]
}
OPENSUSE-SU-2026:20091-1
Vulnerability from csaf_opensuse - Published: 2026-01-22 16:45 - Updated: 2026-01-22 16:45Summary
Security update for bind
Severity
Important
Notes
Title of the patch: Security update for bind
Description of the patch: This update for bind fixes the following issues:
Upgrade to release 9.20.18:
- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)
Feature Changes:
* Add more information to the rndc recursing output about
fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.
Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to
load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3
opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in
chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after
retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal
options.
* Prevent assertion failures of dig when a server is specified
before the -b option.
* Skip buffer allocations if not logging.
Patchnames: openSUSE-Leap-16.0-180
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bind",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bind fixes the following issues:\n\nUpgrade to release 9.20.18:\n\n- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)\n\n Feature Changes:\n * Add more information to the rndc recursing output about\n fetches.\n * Reduce the number of outgoing queries.\n * Provide more information when memory allocation fails.\n\n Bug Fixes:\n * Make DNSSEC key rollovers more robust.\n * Fix a catalog zone issue, where member zones could fail to\n load.\n * Allow glue in delegations with QTYPE=ANY.\n * Fix slow speed when signing a large delegation zone with NSEC3\n opt-out.\n * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to\n be invalid.\n * Fix a possible catalog zone issue during reconfiguration.\n * Fix the charts in the statistics channel.\n * Adding NSEC3 opt-out records could leave invalid records in\n chain.\n * Fix spurious timeouts while resolving names.\n * Fix bug where zone switches from NSEC3 to NSEC after\n retransfer.\n * AMTRELAY type 0 presentation format handling was wrong.\n * Fix parsing bug in remote-servers with key or TLS.\n * Fix DoT reconfigure/reload bug in the resolver.\n * Skip unsupported algorithms when looking for a signing key.\n * Fix dnssec-keygen key collision checking for KEY RRtype keys.\n * dnssec-verify now uses exit code 1 when failing due to illegal\n options.\n * Prevent assertion failures of dig when a server is specified\n before the -b option.\n * Skip buffer allocations if not logging.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-180",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20091-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1256997",
"url": "https://bugzilla.suse.com/1256997"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13878/"
}
],
"title": "Security update for bind",
"tracking": {
"current_release_date": "2026-01-22T16:45:35Z",
"generator": {
"date": "2026-01-22T16:45:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20091-1",
"initial_release_date": "2026-01-22T16:45:35Z",
"revision_history": [
{
"date": "2026-01-22T16:45:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-9.20.18-160000.1.1.aarch64",
"product_id": "bind-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.aarch64",
"product_id": "bind-utils-9.20.18-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-doc-9.20.18-160000.1.1.noarch",
"product": {
"name": "bind-doc-9.20.18-160000.1.1.noarch",
"product_id": "bind-doc-9.20.18-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-utils-9.20.18-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-9.20.18-160000.1.1.s390x",
"product_id": "bind-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-bdbhpt-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.s390x",
"product_id": "bind-utils-9.20.18-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-9.20.18-160000.1.1.x86_64",
"product_id": "bind-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.x86_64",
"product_id": "bind-utils-9.20.18-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-doc-9.20.18-160000.1.1.noarch"
},
"product_reference": "bind-doc-9.20.18-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13878"
}
],
"notes": [
{
"category": "general",
"text": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13878",
"url": "https://www.suse.com/security/cve/CVE-2025-13878"
},
{
"category": "external",
"summary": "SUSE Bug 1256997 for CVE-2025-13878",
"url": "https://bugzilla.suse.com/1256997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-bdbhpt-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"openSUSE Leap 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:45:35Z",
"details": "important"
}
],
"title": "CVE-2025-13878"
}
]
}
SUSE-SU-2026:20135-1
Vulnerability from csaf_suse - Published: 2026-01-22 16:50 - Updated: 2026-01-22 16:50Summary
Security update for bind
Severity
Important
Notes
Title of the patch: Security update for bind
Description of the patch: This update for bind fixes the following issues:
Upgrade to release 9.20.18:
- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)
Feature Changes:
* Add more information to the rndc recursing output about
fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.
Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to
load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3
opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in
chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after
retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal
options.
* Prevent assertion failures of dig when a server is specified
before the -b option.
* Skip buffer allocations if not logging.
Patchnames: SUSE-SLES-16.0-180
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bind",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bind fixes the following issues:\n\nUpgrade to release 9.20.18:\n\n- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)\n\n Feature Changes:\n * Add more information to the rndc recursing output about\n fetches.\n * Reduce the number of outgoing queries.\n * Provide more information when memory allocation fails.\n\n Bug Fixes:\n * Make DNSSEC key rollovers more robust.\n * Fix a catalog zone issue, where member zones could fail to\n load.\n * Allow glue in delegations with QTYPE=ANY.\n * Fix slow speed when signing a large delegation zone with NSEC3\n opt-out.\n * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to\n be invalid.\n * Fix a possible catalog zone issue during reconfiguration.\n * Fix the charts in the statistics channel.\n * Adding NSEC3 opt-out records could leave invalid records in\n chain.\n * Fix spurious timeouts while resolving names.\n * Fix bug where zone switches from NSEC3 to NSEC after\n retransfer.\n * AMTRELAY type 0 presentation format handling was wrong.\n * Fix parsing bug in remote-servers with key or TLS.\n * Fix DoT reconfigure/reload bug in the resolver.\n * Skip unsupported algorithms when looking for a signing key.\n * Fix dnssec-keygen key collision checking for KEY RRtype keys.\n * dnssec-verify now uses exit code 1 when failing due to illegal\n options.\n * Prevent assertion failures of dig when a server is specified\n before the -b option.\n * Skip buffer allocations if not logging.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-180",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20135-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20135-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620135-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20135-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043736.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256997",
"url": "https://bugzilla.suse.com/1256997"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13878/"
}
],
"title": "Security update for bind",
"tracking": {
"current_release_date": "2026-01-22T16:50:15Z",
"generator": {
"date": "2026-01-22T16:50:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20135-1",
"initial_release_date": "2026-01-22T16:50:15Z",
"revision_history": [
{
"date": "2026-01-22T16:50:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-9.20.18-160000.1.1.aarch64",
"product_id": "bind-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.aarch64",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.aarch64",
"product_id": "bind-utils-9.20.18-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-doc-9.20.18-160000.1.1.noarch",
"product": {
"name": "bind-doc-9.20.18-160000.1.1.noarch",
"product_id": "bind-doc-9.20.18-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.ppc64le",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.ppc64le",
"product_id": "bind-utils-9.20.18-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-9.20.18-160000.1.1.s390x",
"product_id": "bind-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.s390x",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.s390x",
"product_id": "bind-utils-9.20.18-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-9.20.18-160000.1.1.x86_64",
"product_id": "bind-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-generic-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-generic-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-generic-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-ldap-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-mysql-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-perl-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-perl-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-perl-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"product_id": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-160000.1.1.x86_64",
"product": {
"name": "bind-utils-9.20.18-160000.1.1.x86_64",
"product_id": "bind-utils-9.20.18-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-doc-9.20.18-160000.1.1.noarch"
},
"product_reference": "bind-doc-9.20.18-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-doc-9.20.18-160000.1.1.noarch"
},
"product_reference": "bind-doc-9.20.18-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-generic-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-generic-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-ldap-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-mysql-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-perl-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-perl-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.aarch64"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.ppc64le"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.s390x"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
},
"product_reference": "bind-utils-9.20.18-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13878"
}
],
"notes": [
{
"category": "general",
"text": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13878",
"url": "https://www.suse.com/security/cve/CVE-2025-13878"
},
{
"category": "external",
"summary": "SUSE Bug 1256997 for CVE-2025-13878",
"url": "https://bugzilla.suse.com/1256997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:bind-utils-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-doc-9.20.18-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-generic-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-ldap-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-mysql-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-perl-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-modules-sqlite3-9.20.18-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:bind-utils-9.20.18-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:50:15Z",
"details": "important"
}
],
"title": "CVE-2025-13878"
}
]
}
SUSE-SU-2026:0348-1
Vulnerability from csaf_suse - Published: 2026-01-30 11:17 - Updated: 2026-01-30 11:17Summary
Security update for bind
Severity
Important
Notes
Title of the patch: Security update for bind
Description of the patch: This update for bind fixes the following issues:
Upgrade to release 9.20.18:
- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)
Feature Changes:
* Add more information to the rndc recursing output about
fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.
Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to
load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3
opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in
chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after
retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal
options.
* Prevent assertion failures of dig when a server is specified
before the -b option.
* Skip buffer allocations if not logging.
Patchnames: SUSE-2026-348,SUSE-SLE-Module-Basesystem-15-SP7-2026-348,SUSE-SLE-Module-Server-Applications-15-SP7-2026-348
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bind",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bind fixes the following issues:\n\nUpgrade to release 9.20.18:\n\n- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)\n\n Feature Changes:\n * Add more information to the rndc recursing output about\n fetches.\n * Reduce the number of outgoing queries.\n * Provide more information when memory allocation fails.\n\n Bug Fixes:\n * Make DNSSEC key rollovers more robust.\n * Fix a catalog zone issue, where member zones could fail to\n load.\n * Allow glue in delegations with QTYPE=ANY.\n * Fix slow speed when signing a large delegation zone with NSEC3\n opt-out.\n * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to\n be invalid.\n * Fix a possible catalog zone issue during reconfiguration.\n * Fix the charts in the statistics channel.\n * Adding NSEC3 opt-out records could leave invalid records in\n chain.\n * Fix spurious timeouts while resolving names.\n * Fix bug where zone switches from NSEC3 to NSEC after\n retransfer.\n * AMTRELAY type 0 presentation format handling was wrong.\n * Fix parsing bug in remote-servers with key or TLS.\n * Fix DoT reconfigure/reload bug in the resolver.\n * Skip unsupported algorithms when looking for a signing key.\n * Fix dnssec-keygen key collision checking for KEY RRtype keys.\n * dnssec-verify now uses exit code 1 when failing due to illegal\n options.\n * Prevent assertion failures of dig when a server is specified\n before the -b option.\n * Skip buffer allocations if not logging.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-348,SUSE-SLE-Module-Basesystem-15-SP7-2026-348,SUSE-SLE-Module-Server-Applications-15-SP7-2026-348",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0348-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0348-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260348-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0348-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023995.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256997",
"url": "https://bugzilla.suse.com/1256997"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13878/"
}
],
"title": "Security update for bind",
"tracking": {
"current_release_date": "2026-01-30T11:17:07Z",
"generator": {
"date": "2026-01-30T11:17:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0348-1",
"initial_release_date": "2026-01-30T11:17:07Z",
"revision_history": [
{
"date": "2026-01-30T11:17:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-150700.3.15.1.aarch64",
"product": {
"name": "bind-9.20.18-150700.3.15.1.aarch64",
"product_id": "bind-9.20.18-150700.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-150700.3.15.1.aarch64",
"product": {
"name": "bind-utils-9.20.18-150700.3.15.1.aarch64",
"product_id": "bind-utils-9.20.18-150700.3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-150700.3.15.1.i586",
"product": {
"name": "bind-9.20.18-150700.3.15.1.i586",
"product_id": "bind-9.20.18-150700.3.15.1.i586"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-150700.3.15.1.i586",
"product": {
"name": "bind-utils-9.20.18-150700.3.15.1.i586",
"product_id": "bind-utils-9.20.18-150700.3.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-doc-9.20.18-150700.3.15.1.noarch",
"product": {
"name": "bind-doc-9.20.18-150700.3.15.1.noarch",
"product_id": "bind-doc-9.20.18-150700.3.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-150700.3.15.1.ppc64le",
"product": {
"name": "bind-9.20.18-150700.3.15.1.ppc64le",
"product_id": "bind-9.20.18-150700.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-150700.3.15.1.ppc64le",
"product": {
"name": "bind-utils-9.20.18-150700.3.15.1.ppc64le",
"product_id": "bind-utils-9.20.18-150700.3.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-150700.3.15.1.s390x",
"product": {
"name": "bind-9.20.18-150700.3.15.1.s390x",
"product_id": "bind-9.20.18-150700.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-150700.3.15.1.s390x",
"product": {
"name": "bind-utils-9.20.18-150700.3.15.1.s390x",
"product_id": "bind-utils-9.20.18-150700.3.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-9.20.18-150700.3.15.1.x86_64",
"product": {
"name": "bind-9.20.18-150700.3.15.1.x86_64",
"product_id": "bind-9.20.18-150700.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "bind-utils-9.20.18-150700.3.15.1.x86_64",
"product": {
"name": "bind-utils-9.20.18-150700.3.15.1.x86_64",
"product_id": "bind-utils-9.20.18-150700.3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-150700.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.aarch64"
},
"product_reference": "bind-utils-9.20.18-150700.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-150700.3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.ppc64le"
},
"product_reference": "bind-utils-9.20.18-150700.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-150700.3.15.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.s390x"
},
"product_reference": "bind-utils-9.20.18-150700.3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-utils-9.20.18-150700.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.x86_64"
},
"product_reference": "bind-utils-9.20.18-150700.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-150700.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.aarch64"
},
"product_reference": "bind-9.20.18-150700.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-150700.3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.ppc64le"
},
"product_reference": "bind-9.20.18-150700.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-150700.3.15.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.s390x"
},
"product_reference": "bind-9.20.18-150700.3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-9.20.18-150700.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.x86_64"
},
"product_reference": "bind-9.20.18-150700.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-doc-9.20.18-150700.3.15.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.18-150700.3.15.1.noarch"
},
"product_reference": "bind-doc-9.20.18-150700.3.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13878"
}
],
"notes": [
{
"category": "general",
"text": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.18-150700.3.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13878",
"url": "https://www.suse.com/security/cve/CVE-2025-13878"
},
{
"category": "external",
"summary": "SUSE Bug 1256997 for CVE-2025-13878",
"url": "https://bugzilla.suse.com/1256997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.18-150700.3.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.18-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.18-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.18-150700.3.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T11:17:07Z",
"details": "important"
}
],
"title": "CVE-2025-13878"
}
]
}
FKIE_CVE-2025-13878
Vulnerability from fkie_nvd - Published: 2026-01-21 15:16 - Updated: 2026-04-15 00:35
Severity ?
Summary
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
References
| URL | Tags | ||
|---|---|---|---|
| security-officer@isc.org | https://downloads.isc.org/isc/bind9/9.18.44 | ||
| security-officer@isc.org | https://downloads.isc.org/isc/bind9/9.20.18 | ||
| security-officer@isc.org | https://downloads.isc.org/isc/bind9/9.21.17 | ||
| security-officer@isc.org | https://kb.isc.org/docs/cve-2025-13878 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/01/21/3 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1."
},
{
"lang": "es",
"value": "Registros BRID/HHIT malformados pueden causar que \u0027named\u0027 termine inesperadamente.\nEste problema afecta a las versiones de BIND 9 9.18.40 hasta 9.18.43, 9.20.13 hasta 9.20.17, 9.21.12 hasta 9.21.16, 9.18.40-S1 hasta 9.18.43-S1, y 9.20.13-S1 hasta 9.20.17-S1."
}
],
"id": "CVE-2025-13878",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Secondary"
}
]
},
"published": "2026-01-21T15:16:05.650",
"references": [
{
"source": "security-officer@isc.org",
"url": "https://downloads.isc.org/isc/bind9/9.18.44"
},
{
"source": "security-officer@isc.org",
"url": "https://downloads.isc.org/isc/bind9/9.20.18"
},
{
"source": "security-officer@isc.org",
"url": "https://downloads.isc.org/isc/bind9/9.21.17"
},
{
"source": "security-officer@isc.org",
"url": "https://kb.isc.org/docs/cve-2025-13878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/01/21/3"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "security-officer@isc.org",
"type": "Secondary"
}
]
}
WID-SEC-W-2026-0188
Vulnerability from csaf_certbund - Published: 2026-01-21 23:00 - Updated: 2026-01-28 23:00Summary
Internet Systems Consortium BIND: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0188 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0188.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0188 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0188"
},
{
"category": "external",
"summary": "ISC BIND Security Advisory CVE-2025-13878 vom 2026-01-21",
"url": "https://kb.isc.org/docs/cve-2025-13878"
},
{
"category": "external",
"summary": "BIND 9.18.44 Release vom 2026-01-21",
"url": "https://downloads.isc.org/isc/bind9/9.18.44/"
},
{
"category": "external",
"summary": "BIND 9.20.18 Release vom 2026-01-21",
"url": "https://downloads.isc.org/isc/bind9/9.20.18/"
},
{
"category": "external",
"summary": "BIND 9.21.17 Release vom 2026-01-21",
"url": "https://downloads.isc.org/isc/bind9/9.21.17/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-D8979B7A9C vom 2026-01-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-d8979b7a9c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-B31C8D8E83 vom 2026-01-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-b31c8d8e83"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-925E7CCE85 vom 2026-01-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-925e7cce85"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6107 vom 2026-01-22",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00015.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-567FF6C687 vom 2026-01-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-567ff6c687"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-34C921D252 vom 2026-01-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-34c921d252"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10080-1 vom 2026-01-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7ROBXH6XB6MB2J4NX6PQ42RXZZDQWFOG/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20135-1 vom 2026-01-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023955.html"
}
],
"source_lang": "en-US",
"title": "Internet Systems Consortium BIND: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-01-28T23:00:00.000+00:00",
"generator": {
"date": "2026-01-29T07:51:13.819+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0188",
"initial_release_date": "2026-01-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora und Debian aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.18.44",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.18.44",
"product_id": "T050250"
}
},
{
"category": "product_version",
"name": "9.18.44",
"product": {
"name": "Internet Systems Consortium BIND 9.18.44",
"product_id": "T050250-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.18.44"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.20.18",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.20.18",
"product_id": "T050251"
}
},
{
"category": "product_version",
"name": "9.20.18",
"product": {
"name": "Internet Systems Consortium BIND 9.20.18",
"product_id": "T050251-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.20.18"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.21.17",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.21.17",
"product_id": "T050252"
}
},
{
"category": "product_version",
"name": "9.21.17",
"product": {
"name": "Internet Systems Consortium BIND 9.21.17",
"product_id": "T050252-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.21.17"
}
}
}
],
"category": "product_name",
"name": "BIND"
}
],
"category": "vendor",
"name": "Internet Systems Consortium"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13878",
"product_status": {
"known_affected": [
"T050251",
"T050250",
"2951",
"T002207",
"T027843",
"T050252",
"74185"
]
},
"release_date": "2026-01-21T23:00:00.000+00:00",
"title": "CVE-2025-13878"
}
]
}
GHSA-P5QX-FWF5-Q388
Vulnerability from github – Published: 2026-01-21 15:31 – Updated: 2026-01-21 21:30
VLAI?
Details
Malformed BRID/HHIT records can cause named to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2025-13878"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-21T15:16:05Z",
"severity": "HIGH"
},
"details": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.",
"id": "GHSA-p5qx-fwf5-q388",
"modified": "2026-01-21T21:30:29Z",
"published": "2026-01-21T15:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13878"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.18.44"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.20.18"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.21.17"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2025-13878"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/01/21/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…