Red Hat Product Errata RHSA-2026:18786 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:18786 - Security Advisory Overview Updated Packages Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2405830 - CVE-2025-8677 bind: Resource exhaustion via malformed DNSKEY handling RHEL-79714 - [RHEL 9 BUG] dig ignores search domains when resolv.conf has the 'search' option set right after a fourth nameserver or sixth nameserver CVEs CVE-2025-8677 References https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM bind-9.16.23-40.el9_8.1.src.rpm SHA-256: 61c9c66dc80707b72cfc6a9186a28843d59578161ec121dc9b2cedb82b4f037c x86_64 bind-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 3fc6a6cf0cc612dd9e3e97828638e97e4769a07752ab6f11fc5cde132f595340 bind-chroot-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 97a82a2565f87b5ec9fb67f05f31958b38bfe12765307161768ff2d4f693628b bind-debuginfo-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: ff2c0d98ccca0c29a571444c980f5c63ec58a319dc88aaed2fb3a797af015baf bind-debugsource-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 179c0246b2c55650d510f7eda48f4ec465977f3f83e67ba26b9dcf7a57db3879 bind-dnssec-doc-9.16.23-40.el9_8.1.noarch.rpm SHA-256: ff6b77ac5573cc2eed8744543b372b1232f22a2b646b87c3f31829598e334e44 bind-dnssec-utils-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: ebbedb2832c6a5aeddce8f14687cf0442cb1aa98213c370388495f9905854ce9 bind-dnssec-utils-debuginfo-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 397522e673347dcc399bc180834c097bb0c4abcb9724b061c0374b89c58a0c64 bind-libs-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 1544f7d456b705219746d94fd767c345a353c2d0062fa30e675e57a622a1ef46 bind-libs-debuginfo-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 59d10c73050c8b41c2a4ad9d007257e3d7287a0380a11c8ebb0458055b5b5494 bind-license-9.16.23-40.el9_8.1.noarch.rpm SHA-256: d4753ecd7c2d00db8906ce220f8a8ae199a744d33654fc3883adfea61ab93c51 bind-utils-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 296f9e355ae712c43cb23d224fce3d264489447a8a502db71cc6bfc34433237b bind-utils-debuginfo-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: e15172bff14338522947f41887a962d5bc55efd4523dda0aaac39eba9151e176 python3-bind-9.16.23-40.el9_8.1.noarch.rpm SHA-256: 5c3c16b057714cb05f4e962a55ce00822b745f4bcd1b9533af9d740ef0f2ae26 Red Hat Enterprise Linux for IBM z Systems 9 SRPM bind-9.16.23-40.el9_8.1.src.rpm SHA-256: 61c9c66dc80707b72cfc6a9186a28843d59578161ec121dc9b2cedb82b4f037c s390x bind-9.16.23-40.el9_8.1.s390x.rpm SHA-256: e694b0f7f0e58bd81c74247020abadfc7384d9ddd78f26a4db6decc7eb8e4691 bind-chroot-9.16.23-40.el9_8.1.s390x.rpm SHA-256: f5b7ad7c7a3140d9fef9d73f47448d008701330a5644e0b5da242f6951ba79a8 bind-debuginfo-9.16.23-40.el9_8.1.s390x.rpm SHA-256: 63d4508643e38571c4b1c5da49216e0180e7c9fb84f558e11de2e20600dc23a7 bind-debugsource-9.16.23-40.el9_8.1.s390x.rpm SHA-256: a85f759bb8805ceaa65f2290e1aeb875f8c2de40a943dca56336c63741e757e9 bind-dnssec-doc-9.16.23-40.el9_8.1.noarch.rpm SHA-256: ff6b77ac5573cc2eed8744543b372b1232f22a2b646b87c3f31829598e334e44 bind-dnssec-utils-9.16.23-40.el9_8.1.s390x.rpm SHA-256: 7afce53f79a15fc580d46fd2b3a866af9a8f0a715ee322613258f9e469895f68 bind-dnssec-utils-debuginfo-9.16.23-40.el9_8.1.s390x.rpm SHA-256: d2fef4ec8744aee7ecacf07e99716fb446ba57370c89d826be58344cbdf02f1e bind-libs-9.16.23-40.el9_8.1.s390x.rpm SHA-256: e39a153b30b2ac5b8772fee2ca60e821585419f62064dd159bd7c19a81695437 bind-libs-debuginfo-9.16.23-40.el9_8.1.s390x.rpm SHA-256: d55492280cfb75a5865820b7713082cb92904fb2d2d34bc65cec84301f682d7d bind-license-9.16.23-40.el9_8.1.noarch.rpm SHA-256: d4753ecd7c2d00db8906ce220f8a8ae199a744d33654fc3883adfea61ab93c51 bind-utils-9.16.23-40.el9_8.1.s390x.rpm SHA-256: 60e2efe957cafeab166490a1e09fd61ff6bebb08feb7f4f6ca700ed88ec6c7aa bind-utils-debuginfo-9.16.23-40.el9_8.1.s390x.rpm SHA-256: 162853c7a9825ff62b0dce641caa3b981ca26aa7dcaa99bf3b9feb46b1957f96 python3-bind-9.16.23-40.el9_8.1.noarch.rpm SHA-256: 5c3c16b057714cb05f4e962a55ce00822b745f4bcd1b9533af9d740ef0f2ae26 Red Hat Enterprise Linux for Power, little endian 9 SRPM bind-9.16.23-40.el9_8.1.src.rpm SHA-256: 61c9c66dc80707b72cfc6a9186a28843d59578161ec121dc9b2cedb82b4f037c ppc64le bind-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: 593de56bbe6e4c6e87343924a2bb830f7e548c657d1ad1febfdc3ffe59394222 bind-chroot-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: eab4f3642f77caa6e428e9674a373795fd5fc4b58c53eedab37e5777aac140e2 bind-debuginfo-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: f321f0a199d1b7ddbf4f61c5874ef4f4eff09d8915c13477123e039d22f7ce78 bind-debugsource-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: 200ca621c41875585ec1c84bad1199e378a1898e86379b2c1d9e23a700d6300e bind-dnssec-doc-9.16.23-40.el9_8.1.noarch.rpm SHA-256: ff6b77ac5573cc2eed8744543b372b1232f22a2b646b87c3f31829598e334e44 bind-dnssec-utils-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: feff515a7225657cd1bb3024680205a9ab06d475ec8c6b1b66110638234c2a7a bind-dnssec-utils-debuginfo-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: a6f01cfdaa570eb872a94d0adff810da77516a08c4d35454ee0dc6a16d4465a1 bind-libs-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: 82c8d0db3ff82afeb67aa08d8526bfc04f145d402b2c089ee499ce6ab8fc018e bind-libs-debuginfo-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: 4da57f40869fba4b09c85b62c8c3b99fc4f3b05a7016d8a58c068b79ddcd81f9 bind-license-9.16.23-40.el9_8.1.noarch.rpm SHA-256: d4753ecd7c2d00db8906ce220f8a8ae199a744d33654fc3883adfea61ab93c51 bind-utils-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: a91122a8b80722ab33300131fd04c69c43eb2538f9d20143d55dfa00e7f278fc bind-utils-debuginfo-9.16.23-40.el9_8.1.ppc64le.rpm SHA-256: 79dd27e5639d2f47cdbacabfb069bed752716756be6aec1adc7a68863015ac9c python3-bind-9.16.23-40.el9_8.1.noarch.rpm SHA-256: 5c3c16b057714cb05f4e962a55ce00822b745f4bcd1b9533af9d740ef0f2ae26 Red Hat Enterprise Linux for ARM 64 9 SRPM bind-9.16.23-40.el9_8.1.src.rpm SHA-256: 61c9c66dc80707b72cfc6a9186a28843d59578161ec121dc9b2cedb82b4f037c aarch64 bind-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: a75fcc1d346694e52ba0cd9e3e668a45d1cc609aadcabdcbdcbcddf02bb0e805 bind-chroot-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: 023a2ffdee58fb6c2801a4c2c869e4e1254699881df1449673f47a5f21048162 bind-debuginfo-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: 82d5c6f90412ef9aacb5a56dc141c7814ae7d01cfadaf9a33536c80c57bd3969 bind-debugsource-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: ad1e4b485a0a727566ddc2984e1d865b19812577253518581d2fba86c123ccc2 bind-dnssec-doc-9.16.23-40.el9_8.1.noarch.rpm SHA-256: ff6b77ac5573cc2eed8744543b372b1232f22a2b646b87c3f31829598e334e44 bind-dnssec-utils-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: 7d1863aad4786406846780ad5e329167047589972f54f5edd9ab32737fdc737e bind-dnssec-utils-debuginfo-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: 24fafefecd3f922dd4d1937f4b0d042cc7169d6a56ddc74ec87b20bad40034d2 bind-libs-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: 0f41cb9ddd651e4c6c05c3ed9baaa5011ca41b4bda4684fb715c9e36300c12e6 bind-libs-debuginfo-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: b202465050d6bfa50dca434fd8518d9f49b575d87832a43d316785bc608e8bd1 bind-license-9.16.23-40.el9_8.1.noarch.rpm SHA-256: d4753ecd7c2d00db8906ce220f8a8ae199a744d33654fc3883adfea61ab93c51 bind-utils-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: a923dad7f25ecbb1b6418f53a70eb2260fc55bb28712b7e1ea2a02687494a0db bind-utils-debuginfo-9.16.23-40.el9_8.1.aarch64.rpm SHA-256: 1e8f1adfd78066eba115254dbd9c26ed8c9a6dea10faa179a2b59691267fc0f4 python3-bind-9.16.23-40.el9_8.1.noarch.rpm SHA-256: 5c3c16b057714cb05f4e962a55ce00822b745f4bcd1b9533af9d740ef0f2ae26 Red Hat CodeReady Linux Builder for x86_64 9 SRPM x86_64 bind-debuginfo-9.16.23-40.el9_8.1.i686.rpm SHA-256: 12d1db8e6557e8f7150d310bb7bc66b6cf381d2f04cf1cb46cb7eb76860482e0 bind-debuginfo-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: ff2c0d98ccca0c29a571444c980f5c63ec58a319dc88aaed2fb3a797af015baf bind-debugsource-9.16.23-40.el9_8.1.i686.rpm SHA-256: 6add39055233b00d124bdc227d1d0bce8cd95e01c5560f408af0207322fcc908 bind-debugsource-9.16.23-40.el9_8.1.x86_64.rpm SHA-256: 179c0246b2c55650d510f7eda48f4ec465977f3f83e67ba26b9dcf7a57db3879 bind-devel-9.16.23-40