SUSE-CU-2026:496-1: Security update of suse/bind

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jan 30 16:32:17 UTC 2026 

SUSE Container Update Advisory: suse/bind
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:496-1
Container Tags        : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.18 , suse/bind:9.20.18-71.11 , suse/bind:latest
Container Release     : 71.11
Severity              : important
Type                  : security
References            : 1256997 CVE-2025-13878 
-----------------------------------------------------------------

The container suse/bind was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:348-1
Released:    Fri Jan 30 12:17:00 2026
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1256997,CVE-2025-13878
This update for bind fixes the following issues:

Upgrade to release 9.20.18:

- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)

  Feature Changes:
  * Add more information to the rndc recursing output about
    fetches.
  * Reduce the number of outgoing queries.
  * Provide more information when memory allocation fails.

  Bug Fixes:
  * Make DNSSEC key rollovers more robust.
  * Fix a catalog zone issue, where member zones could fail to
    load.
  * Allow glue in delegations with QTYPE=ANY.
  * Fix slow speed when signing a large delegation zone with NSEC3
    opt-out.
  * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
    be invalid.
  * Fix a possible catalog zone issue during reconfiguration.
  * Fix the charts in the statistics channel.
  * Adding NSEC3 opt-out records could leave invalid records in
    chain.
  * Fix spurious timeouts while resolving names.
  * Fix bug where zone switches from NSEC3 to NSEC after
    retransfer.
  * AMTRELAY type 0 presentation format handling was wrong.
  * Fix parsing bug in remote-servers with key or TLS.
  * Fix DoT reconfigure/reload bug in the resolver.
  * Skip unsupported algorithms when looking for a signing key.
  * Fix dnssec-keygen key collision checking for KEY RRtype keys.
  * dnssec-verify now uses exit code 1 when failing due to illegal
    options.
  * Prevent assertion failures of dig when a server is specified
    before the -b option.
  * Skip buffer allocations if not logging.


The following package changes have been done:

- bind-utils-9.20.18-150700.3.15.1 updated
- bind-9.20.18-150700.3.15.1 updated

More information about the sle-container-updates mailing list