Multiple vulnerabilities in BIND9 (CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591) can result in ACL restriction bypass or denial of service. The CVSS scores for specified CVEs are 7.5 (HIGH) for CVE-2026-1519 and CVE-2026-3104, and 6.5 (MEDIUM) for CVE-2026-3119. For Debian stable (trixie), the fixed version is 1:9.20.21-1~deb13u1, and for oldstable (bookworm), it is 1:9.18.47-1~deb12u1.
[SECURITY] [DSA 6181-1] bind9 security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6181-1] bind9 security update From : Salvatore Bonaccorso < carnil@debian.org > Date : Fri, 27 Mar 2026 22:42:59 +0000 Message-id : < [🔎] E1w6FtL-00000009yVZ-2wlK@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6181-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 27, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 CVE ID : CVE-2026-1519 CVE-2026-3104 CVE-2026-3119 CVE-2026-3591 Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in bypass of ACL restrictions or denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 1:9.18.47-1~deb12u1. The oldstable distribution is only affected by CVE-2026-1519. For the stable distribution (trixie), these problems have been fixed in version 1:9.20.21-1~deb13u1. We recommend that you upgrade your bind9 packages. For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmnHB4VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q+JQ//RoJGJCNIQijxrUuNT0MhanrKHnapc+3hrKJ7WYmA4PcgjcxSoDPUG/g6 Gcut9ZcKKlqX6RoXoUl3b4Kf0K176PUkBmYrDvUw1lqW1nH7JYQ3aE3D/7+1purL hFMxWHcChaogr5uQu1aJlBiUnQnSXWezT/MhkP2GWCjRhMrV0uHlPUb179EatPtQ A3JQwGZAoKA61DQo5dIuRfHMYCQuSX3HS3EtpLgc0CMJk4+aH7PflkMB2VO/e8wU iA9TgQ5mpMtMpaVhWKXZTw+utYTGAm0oX0W4J7fRgM9/sipQt9+CXCdFJPxP8dhq I87rr7jmSwdPYCYKX/4aVWeLoc97TzXWJkO4jELUYyoSK7M7M2Uau3I2X/VT0lDQ /DeiaierxSx4qWqmTCA+a4hoiUJ3CHYRsatO28HfIg+7J899+GbsuqRcb1Fhm8GA mPw2z/Q/tb6Xin1CeevilT7MlAAKgWlQprKadUbCFrvFNO/v+OlxDT0whIsSRFlk iKOovfSllHvVabdEiqE5uEWAOdZ6kerFox1LcWJdtdQNcAGLYiUr7VxOk7svaozu hpdmGMshtQ+yT7p9XNXTC0+dOZKw4kWBpkx86mOQ7Y5aK4I9IUPVHMiElc6l3yFq sGKwwEoQFQclBRxufRREx5JrAaGnLKVbOmMjTJ8XD9KZ3OLBoms= =BUs3 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Salvatore Bonaccorso (on-list) Salvatore Bonaccorso (off-list) Prev by Date: [SECURITY] [DSA 6180-1] ruby-rack security update Previous by thread: [SECURITY] [DSA 6180-1] ruby-rack security update Index(es): Date Thread