Security update for bind
| Announcement ID: | SUSE-SU-2026:20135-1 |
|---|---|
| Release Date: | 2026-01-22T16:45:35Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability can now be installed.
Description:
This update for bind fixes the following issues:
Upgrade to release 9.20.18:
- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)
Feature Changes: * Add more information to the rndc recursing output about fetches. * Reduce the number of outgoing queries. * Provide more information when memory allocation fails.
Bug Fixes: * Make DNSSEC key rollovers more robust. * Fix a catalog zone issue, where member zones could fail to load. * Allow glue in delegations with QTYPE=ANY. * Fix slow speed when signing a large delegation zone with NSEC3 opt-out. * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid. * Fix a possible catalog zone issue during reconfiguration. * Fix the charts in the statistics channel. * Adding NSEC3 opt-out records could leave invalid records in chain. * Fix spurious timeouts while resolving names. * Fix bug where zone switches from NSEC3 to NSEC after retransfer. * AMTRELAY type 0 presentation format handling was wrong. * Fix parsing bug in remote-servers with key or TLS. * Fix DoT reconfigure/reload bug in the resolver. * Skip unsupported algorithms when looking for a signing key. * Fix dnssec-keygen key collision checking for KEY RRtype keys. * dnssec-verify now uses exit code 1 when failing due to illegal options. * Prevent assertion failures of dig when a server is specified before the -b option. * Skip buffer allocations if not logging.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-180=1 -
SUSE Linux Enterprise Server for SAP Applications 16.0
zypper in -t patch SUSE-SLES-16.0-180=1
Package List:
-
SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
- bind-modules-ldap-debuginfo-9.20.18-160000.1.1
- bind-9.20.18-160000.1.1
- bind-debugsource-9.20.18-160000.1.1
- bind-modules-generic-debuginfo-9.20.18-160000.1.1
- bind-modules-mysql-9.20.18-160000.1.1
- bind-modules-sqlite3-debuginfo-9.20.18-160000.1.1
- bind-modules-sqlite3-9.20.18-160000.1.1
- bind-modules-perl-debuginfo-9.20.18-160000.1.1
- bind-modules-ldap-9.20.18-160000.1.1
- bind-debuginfo-9.20.18-160000.1.1
- bind-utils-debuginfo-9.20.18-160000.1.1
- bind-modules-mysql-debuginfo-9.20.18-160000.1.1
- bind-utils-9.20.18-160000.1.1
- bind-modules-perl-9.20.18-160000.1.1
- bind-modules-generic-9.20.18-160000.1.1
-
SUSE Linux Enterprise Server 16.0 (noarch)
- bind-doc-9.20.18-160000.1.1
-
SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
- bind-modules-ldap-debuginfo-9.20.18-160000.1.1
- bind-9.20.18-160000.1.1
- bind-debugsource-9.20.18-160000.1.1
- bind-modules-generic-debuginfo-9.20.18-160000.1.1
- bind-modules-mysql-9.20.18-160000.1.1
- bind-modules-sqlite3-debuginfo-9.20.18-160000.1.1
- bind-modules-sqlite3-9.20.18-160000.1.1
- bind-modules-perl-debuginfo-9.20.18-160000.1.1
- bind-modules-ldap-9.20.18-160000.1.1
- bind-debuginfo-9.20.18-160000.1.1
- bind-utils-debuginfo-9.20.18-160000.1.1
- bind-modules-mysql-debuginfo-9.20.18-160000.1.1
- bind-utils-9.20.18-160000.1.1
- bind-modules-perl-9.20.18-160000.1.1
- bind-modules-generic-9.20.18-160000.1.1
-
SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
- bind-doc-9.20.18-160000.1.1