Release date:
2026-06-02 17:33:41 UTC
Description:
* SECURITY UPDATE: Multiple assertion failures in named when handling DNS
messages with non-IN class (CHAOS, HESIOD) or meta-classes (ANY, NONE)
in UPDATE, NOTIFY, and recursion paths
- debian/patches/CVE-2026-5946.patch: disable recursion for non-IN views,
reject UPDATE and NOTIFY for non-IN classes, validate DNS message CLASS
early in request processing, reject NONE/ANY meta-classes in UPDATE and
NOTIFY questions, and skip deny-answer-address for non-IN addresses in
bin/named/server.c, lib/bind9/check.c, lib/dns/adb.c,
lib/dns/message.c, lib/dns/resolver.c, lib/ns/client.c, lib/ns/update.c
- CVE-2026-5946
Updated packages:
-
bind9_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
sha:88c515406410d7233d03364311f64e7f7f576485
-
bind9-dnsutils_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
sha:829c94c4f6632cc35ce70e7e7c9112a374971c68
-
bind9-doc_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_all.deb
sha:7da3a6f6154f2487e47c7f7ef7bb7f4198e879ad
-
bind9-host_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
sha:db8887b2dca19ae6954742b66bbdfbe4cd1d8c5b
-
bind9-libs_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
sha:bde7fa46dab1427477263b595f218a5481ed7e03
-
bind9-utils_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_amd64.deb
sha:39fde3f1e4658c866b972b8dc33553788a1f24a4
-
bind9utils_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_all.deb
sha:69c4d020fb4d6d842080c990b6520581aa31854d
-
dnsutils_9.18.30-0ubuntu0.20.04.2+tuxcare.els2_all.deb
sha:7e30a71b357be80caf47ce24d254df5f254f8a7f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
