A critical vulnerability (CVE-2026-1519, CVSS 7.5 HIGH) in BIND allows a Denial of Service attack via a maliciously crafted DNSSEC-validated zone. Affected versions include BIND 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, and 9.21.0 through 9.21.19. The fix requires upgrading to patched versions 9.18.47, 9.20.21, or 9.21.20.
Red Hat Product Errata RHSA-2026:25214 - Security Advisory Issued: 2026-06-11 Updated: 2026-06-11 RHSA-2026:25214 - Security Advisory Overview Updated Packages Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone (CVE-2026-1519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2451305 - CVE-2026-1519 bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone CVEs CVE-2026-1519 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.4 SRPM bind-9.16.23-18.el9_4.11.src.rpm SHA-256: 62ed1e4204516906aeec925ad0858fa89541158a0deb91f481992a2b8af3be88 x86_64 bind-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: 71e519432899f67eec3752cefb9a5a284e19d0070672f41b95d04cd831d3d2ba bind-chroot-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: 7970774792b0c8bcbdc5469782cbf3dc61ea41e4b61e2bfe8013084a1f0b7f0f bind-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: 65ce991da50f34cb606317fbeb31143f72bb8160756ed419a342c127650b499d bind-debugsource-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: c3b7334c2cdbc3d4b35bdba0e87ee6b3229fe5278301aa12ec515802ecfdcc83 bind-dnssec-doc-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 46e7e915ac542d0c47e879eec15bea53b6391b10d5e1b298bfbffb8862426497 bind-dnssec-utils-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: cf5e7eb4079e68b536a3597e160c8d8ca69e42a5e02aff8dd7429a2cc039d037 bind-dnssec-utils-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: c97240616fbe951e33286b8569769d5507bd1dbc7097fb05c9a3176918d3c9b6 bind-libs-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: f65011034fa62c19d9e07db2c3c702c04e653c41f423a022bad534abbf6c294b bind-libs-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: e011e7a436f69e651d72c77402e2d4544d1706deefbb3e7d2033741951a133e5 bind-license-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 9ac6667f3b51f5ba8ec88256cdf965f1171630e8136524016070c035b80fc374 bind-utils-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: f1fd509b6cb7ef6569b9496140fafc2b5bdb6054c39540943e9b99b6b1cd38b4 bind-utils-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: c5b1a62a0e07b5ed2113fe6d2a7df1fb190c424730d9f8fcf5a9435d07f42e4b python3-bind-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 83cd5a6c7deb9767e3fe2c6a183d44b270d9fdcd24eeeea66b88355cd575ad85 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM bind-9.16.23-18.el9_4.11.src.rpm SHA-256: 62ed1e4204516906aeec925ad0858fa89541158a0deb91f481992a2b8af3be88 ppc64le bind-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: 53c7c0500179c0a77e6ba1f08a82782480f78f050db27c6500e902cd845c1ab6 bind-chroot-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: ad17f303f638ca521e6f24a0ae8968ffd6b284b13f284448212853629eafb149 bind-debuginfo-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: 9acb3261fd7ec6d46df4aa87637aa8655f26a62a104c00fad81cbb16e73b98ca bind-debugsource-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: dbba75a71a5a45d272f3a2c962d79830ff1b168a3a85dd869f2d4a43f8913d85 bind-dnssec-doc-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 46e7e915ac542d0c47e879eec15bea53b6391b10d5e1b298bfbffb8862426497 bind-dnssec-utils-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: 93f718b0553c9af788879b71560172949dda2d08b7666e8af3f8256c832bb1a1 bind-dnssec-utils-debuginfo-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: 9511a8c9f615c71e1c1aecc1c20a1203ff0ca80e21e186f5230b47d4de32c906 bind-libs-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: b31521180b51f830fa1b424a9985d92bea5ca79705e9ccc295033034dd3f9571 bind-libs-debuginfo-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: 0ce6eab0cd35334c3abe247050871ba402dbcb60090542d8809c50422e3ac39b bind-license-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 9ac6667f3b51f5ba8ec88256cdf965f1171630e8136524016070c035b80fc374 bind-utils-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: c6894ece67eb220024478d03f13fbede9a85a31d4bc62dad3ba3c1e11b8d2048 bind-utils-debuginfo-9.16.23-18.el9_4.11.ppc64le.rpm SHA-256: 0e594601b5f526b410e0e1e0feea5eaff50596b412692d418578419e6ce4098c python3-bind-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 83cd5a6c7deb9767e3fe2c6a183d44b270d9fdcd24eeeea66b88355cd575ad85 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM bind-9.16.23-18.el9_4.11.src.rpm SHA-256: 62ed1e4204516906aeec925ad0858fa89541158a0deb91f481992a2b8af3be88 x86_64 bind-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: 71e519432899f67eec3752cefb9a5a284e19d0070672f41b95d04cd831d3d2ba bind-chroot-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: 7970774792b0c8bcbdc5469782cbf3dc61ea41e4b61e2bfe8013084a1f0b7f0f bind-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: 65ce991da50f34cb606317fbeb31143f72bb8160756ed419a342c127650b499d bind-debugsource-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: c3b7334c2cdbc3d4b35bdba0e87ee6b3229fe5278301aa12ec515802ecfdcc83 bind-dnssec-doc-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 46e7e915ac542d0c47e879eec15bea53b6391b10d5e1b298bfbffb8862426497 bind-dnssec-utils-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: cf5e7eb4079e68b536a3597e160c8d8ca69e42a5e02aff8dd7429a2cc039d037 bind-dnssec-utils-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: c97240616fbe951e33286b8569769d5507bd1dbc7097fb05c9a3176918d3c9b6 bind-libs-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: f65011034fa62c19d9e07db2c3c702c04e653c41f423a022bad534abbf6c294b bind-libs-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: e011e7a436f69e651d72c77402e2d4544d1706deefbb3e7d2033741951a133e5 bind-license-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 9ac6667f3b51f5ba8ec88256cdf965f1171630e8136524016070c035b80fc374 bind-utils-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: f1fd509b6cb7ef6569b9496140fafc2b5bdb6054c39540943e9b99b6b1cd38b4 bind-utils-debuginfo-9.16.23-18.el9_4.11.x86_64.rpm SHA-256: c5b1a62a0e07b5ed2113fe6d2a7df1fb190c424730d9f8fcf5a9435d07f42e4b python3-bind-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 83cd5a6c7deb9767e3fe2c6a183d44b270d9fdcd24eeeea66b88355cd575ad85 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 SRPM bind-9.16.23-18.el9_4.11.src.rpm SHA-256: 62ed1e4204516906aeec925ad0858fa89541158a0deb91f481992a2b8af3be88 aarch64 bind-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: 2b244e8560660acad1c5b545fc5609d11aa94c4d763d2305568ae0beae5ce269 bind-chroot-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: bebe365b8145dc59d7098318634d351734f2c50e508dbf1ac253e2f9c5203fff bind-debuginfo-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: 07aad77945111d4f308addcf6f474f00a65eddd23609d156d467e5ad369736e4 bind-debugsource-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: a7c9754ad1fbd111acc956c741fe56613eeeb3e91801b66131d1e65c81ca204c bind-dnssec-doc-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 46e7e915ac542d0c47e879eec15bea53b6391b10d5e1b298bfbffb8862426497 bind-dnssec-utils-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: b0f802f54c14e73bb127039dcd85f2e553260c48cacc3a14d21ba2014c325257 bind-dnssec-utils-debuginfo-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: aac8410f5a51f3243b90e4898dd728824e7542a4aa8493e156444263a18e1081 bind-libs-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: 0eac4702365fc08a7fed60d5e2bcef95be7ce33937997b8d336fc406758042d9 bind-libs-debuginfo-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: 06f71e2550bac59a2d7d14d1f0f7e7dbc453befcfa4fc992c7589fd007b225f0 bind-license-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 9ac6667f3b51f5ba8ec88256cdf965f1171630e8136524016070c035b80fc374 bind-utils-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: d1cb2957b9ae96113d7d1a1ea44a95586c7d8193e61a8ebdd4568d338676315a bind-utils-debuginfo-9.16.23-18.el9_4.11.aarch64.rpm SHA-256: c581b9f43c34544b1af12932d89f804387c7984d7d2243ee79e02c3bc3d140c8 python3-bind-9.16.23-18.el9_4.11.noarch.rpm SHA-256: 83cd5a6c7deb9767e3fe2c6a183d44b270d9fdcd24eeeea66b88355cd575ad85 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 SRPM bind-9.16.23-18.el9_4.11.src.rpm SHA-256: 62ed1e4204516906aeec925ad0858fa89541158a0deb91f481992a2b8af3be88 s390x bind-9.16.23-18.el9_4.11.s390x.rpm SHA-256: 2bbb1f3f8d07c38210d4841282d2ff8c8e02c67f26ec568787ea0d09ce54dcb4 bind-chroot-9.16.23-18.el9_4.11.s390x.rpm SHA-256: 7ce9af08fa2b943b561e3a74baa389c11279aaada0e0bca3e9c24d1ca7224c9e bind-debuginfo-9.16.23-18.el9_4.11.s390x.rpm SHA-256: fde5cf3b143cfe5e2c3ce43962