|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-bcc66a29da (bind9-next)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: bind9-next-9.21.20-1.fc42


Date:
              Fri, 03 Apr 2026 17:04:13 +0000


Message-ID:
              <20260403170413.01D437973A@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bcc66a29da
2026-04-03 17:03:00.363034+00:00
--------------------------------------------------------------------------------

Name        : bind9-next
Product     : Fedora 42
Version     : 9.21.20
Release     : 1.fc42
URL         : https://www.isc.org/downloads/bind/
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.

--------------------------------------------------------------------------------
Update Information:

Update to 9.21.20 (rhbz#2440560)
Security Fixes:
Fix unbounded NSEC3 iterations when validating referrals to unsigned
delegations. (CVE-2026-1519)
Fix memory leaks in code preparing DNSSEC proofs of non-existence.
(CVE-2026-3104)
Prevent a crash in code processing queries containing a TKEY record.
(CVE-2026-3119)
Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
New Features:
Provide response round-trip time (RTT) counters via statistics channel.
Introduce max-delegation-servers configuration option.
Bug Fixes:
Fix parsing key inactivation time in KASP code.
Fix the handling of key statements defined inside views.
Update to 9.21.19
Security Fixes:
Fix a use-after-free error in dns_client_resolve() triggered by a DNAME
response.
Fix a NULL pointer dereference in qp-trie cache code.
Immediately remove purged ADB names and entries from the SIEVE list.
Feature Changes:
Record query time for all dnstap responses.
Optimize TCP source port selection on Linux.
and multiple bug fixes.
Update to 9.21.18
Feature Changes:
Enable minimal ANY answers by default.
Lowercase the NSEC Next Domain Name field.
Update requirements for system test suite.
Bug Fixes:
Make catalog zone names and member zones' entry names case-insensitive. [GL
#5693]
Fix implementation of BRID and HHIT record types. [GL #5710]
Fix implementation of DSYNC record type. [GL #5711]
Fix response policy and catalog zones to work with $INCLUDE directive.
Source:
https://downloads.isc.org/isc/bind9/9.21.20/doc/arm/html/...
bind-9-21-20
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Petr Menšík <pemensik@redhat.com> - 32:9.21.20-1
- Update to 9.21.20 (rhbz#2440560)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2440560 - bind9-next-9.21.20 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2440560
  [ 2 ] Bug #2451573 - CVE-2026-3591 bind9-next: BIND: Unauthorized access due to use-after-return
vulnerability in DNS query handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2451573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bcc66a29da' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds