Skip to content

fix(bind9): CVE-2026-3593/5946/5947/3039#8

Closed
deepin-ci-robot wants to merge 4 commits into
masterfrom
fix/CVE-2026-XXXX-multi
Closed

fix(bind9): CVE-2026-3593/5946/5947/3039#8
deepin-ci-robot wants to merge 4 commits into
masterfrom
fix/CVE-2026-XXXX-multi

Conversation

@deepin-ci-robot
Copy link
Copy Markdown
Contributor

@deepin-ci-robot deepin-ci-robot commented May 21, 2026

CVE 修复

CVE ID: CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-3039

漏洞描述: 多个 BIND9 安全漏洞修复

修复方案: Backport 补丁从 BIND 9.20.23

受影响版本: 9.20.0 通过 9.20.22

当前版本: 9.20.21

验证状态: 待验证

  • [CVE-2026-3593]: Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS frames.
  • [CVE-2026-5946]: Disable recursion, UPDATE, and NOTIFY for non-IN views.
  • [CVE-2026-5947]: Fix crash in resolver when SIG(0)-signed responses are received under load.
  • [CVE-2026-3039]: Fix GSS-API resource leak when receiving maliciously-constructed packets.

Fix-Approach: backport
Generated-By: Qwen3.6-35B-A3B-UD-Q4_K_M.gguf
Co-Authored-By: hudeng hudeng@deepin.org

deepin-ci-robot and others added 4 commits May 21, 2026 16:06
@deepin-ci-robot @hudeng-go
fix(bind9): CVE-2026-3593
8ba7101 
Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS frames.

Upstream: https://kb.isc.org/docs/cve-2026-3593
Generated-By: Qwen3.6-35B-A3B-UD-Q4_K_M.gguf
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot @hudeng-go
fix(bind9): CVE-2026-5946
19bc66c 
Disable recursion, UPDATE, and NOTIFY for non-IN views.

Upstream: https://kb.isc.org/docs/cve-2026-5946
Generated-By: Qwen3.6-35B-A3B-UD-Q4_K_M.gguf
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot @hudeng-go
fix(bind9): CVE-2026-5947
b7b6bd9 
Fix crash in resolver when SIG(0)-signed responses are received under load.

Upstream: https://kb.isc.org/docs/cve-2026-5947
Generated-By: Qwen3.6-35B-A3B-UD-Q4_K_M.gguf
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot @hudeng-go
fix(bind9): CVE-2026-3039
9b94d0f 
Fix GSS-API resource leak when receiving maliciously-constructed packets.

Upstream: https://kb.isc.org/docs/cve-2026-3039
Generated-By: Qwen3.6-35B-A3B-UD-Q4_K_M.gguf
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot deepin-ci-robot requested a review from myml May 21, 2026 08:09
@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented May 21, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign xzl01 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@deepin-ci-robot deepin-ci-robot deleted the fix/CVE-2026-XXXX-multi branch May 21, 2026 08:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@myml myml Awaiting requested review from myml

Assignees

No one assigned

Labels

cve generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@deepin-ci-robot