A Denial of Service vulnerability (CVE-2026-1519, CVSS 7.5 HIGH) in BIND allows remote attackers to crash the `named` server via a maliciously crafted DNSSEC-validated zone. The vulnerability affects ISC BIND versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, and 9.21.0 through 9.21.19. Remediation requires upgrading to patched versions 9.18.47, 9.20.21, or 9.21.20, respectively.
Red Hat Product Errata RHSA-2026:25171 - Security Advisory Issued: 2026-06-11 Updated: 2026-06-11 RHSA-2026:25171 - Security Advisory Overview Updated Packages Synopsis Important: bind9.16 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone (CVE-2026-1519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64 Red Hat Enterprise Linux Server - AUS 8.6 x86_64 Fixes BZ - 2451305 - CVE-2026-1519 bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone CVEs CVE-2026-1519 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 SRPM bind9.16-9.16.23-0.7.el8_6.10.src.rpm SHA-256: 6694b7e9428253361c55b41d559a40cc3c184abd66e53b954b97cdee37b8bdff x86_64 bind9.16-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: b5918c04fc857a85c1795f01eb22da5cc0b72438271a093a0d78c3ede5d93e69 bind9.16-chroot-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: e0374c9c5b85698b8be89e0e1ab75ce2a4ee970fbc07dd2c2a9460ec7efcbcc2 bind9.16-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: c7dee8037317b418e7e12b3b18a6bde769d6d8baf3608f371388d7f3981b9134 bind9.16-debugsource-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 80c08fa15f6306e952d0763839b1214517fd9274f0568208df31225752b7e5d0 bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: b83b42f4376f51df21843102d8288220fbbafbccc3a0cc4109f570e148e217e7 bind9.16-libs-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 3d93064ea24705db5c517528f77ac482d67f0614119a6a7eba4de94bbd585fbc bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 97aa223d97557438bb8e93116969bd599e500f90af301be5ec901f61a8a5f145 bind9.16-license-9.16.23-0.7.el8_6.10.noarch.rpm SHA-256: e508238b35a7fbfe4f338d1e9e072d4efc54710e361a7b56af27168cd6b27bf2 bind9.16-utils-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: e971ac3820ee3e5bcdc41f690b9749bba4317b3f2d887270a2c689d4957e08f3 bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 541b1755494bcdf650ed17df33716da04f379082aca47a5b12cebcc15be0fc99 Red Hat Enterprise Linux Server - AUS 8.6 SRPM bind9.16-9.16.23-0.7.el8_6.10.src.rpm SHA-256: 6694b7e9428253361c55b41d559a40cc3c184abd66e53b954b97cdee37b8bdff x86_64 bind9.16-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: b5918c04fc857a85c1795f01eb22da5cc0b72438271a093a0d78c3ede5d93e69 bind9.16-chroot-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: e0374c9c5b85698b8be89e0e1ab75ce2a4ee970fbc07dd2c2a9460ec7efcbcc2 bind9.16-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: c7dee8037317b418e7e12b3b18a6bde769d6d8baf3608f371388d7f3981b9134 bind9.16-debugsource-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 80c08fa15f6306e952d0763839b1214517fd9274f0568208df31225752b7e5d0 bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: b83b42f4376f51df21843102d8288220fbbafbccc3a0cc4109f570e148e217e7 bind9.16-libs-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 3d93064ea24705db5c517528f77ac482d67f0614119a6a7eba4de94bbd585fbc bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 97aa223d97557438bb8e93116969bd599e500f90af301be5ec901f61a8a5f145 bind9.16-license-9.16.23-0.7.el8_6.10.noarch.rpm SHA-256: e508238b35a7fbfe4f338d1e9e072d4efc54710e361a7b56af27168cd6b27bf2 bind9.16-utils-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: e971ac3820ee3e5bcdc41f690b9749bba4317b3f2d887270a2c689d4957e08f3 bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.10.x86_64.rpm SHA-256: 541b1755494bcdf650ed17df33716da04f379082aca47a5b12cebcc15be0fc99 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .