{"affected":[{"ecosystem_specific":{"binaries":[{"bind":"9.20.18-160000.1.1","bind-doc":"9.20.18-160000.1.1","bind-modules-generic":"9.20.18-160000.1.1","bind-modules-ldap":"9.20.18-160000.1.1","bind-modules-mysql":"9.20.18-160000.1.1","bind-modules-perl":"9.20.18-160000.1.1","bind-modules-sqlite3":"9.20.18-160000.1.1","bind-utils":"9.20.18-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 16.0","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.20.18-160000.1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"bind":"9.20.18-160000.1.1","bind-doc":"9.20.18-160000.1.1","bind-modules-generic":"9.20.18-160000.1.1","bind-modules-ldap":"9.20.18-160000.1.1","bind-modules-mysql":"9.20.18-160000.1.1","bind-modules-perl":"9.20.18-160000.1.1","bind-modules-sqlite3":"9.20.18-160000.1.1","bind-utils":"9.20.18-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP applications 16.0","name":"bind","purl":"pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.20.18-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for bind fixes the following issues:\n\nUpgrade to release 9.20.18:\n\n- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)\n\n  Feature Changes:\n  * Add more information to the rndc recursing output about\n    fetches.\n  * Reduce the number of outgoing queries.\n  * Provide more information when memory allocation fails.\n\n  Bug Fixes:\n  * Make DNSSEC key rollovers more robust.\n  * Fix a catalog zone issue, where member zones could fail to\n    load.\n  * Allow glue in delegations with QTYPE=ANY.\n  * Fix slow speed when signing a large delegation zone with NSEC3\n    opt-out.\n  * Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to\n    be invalid.\n  * Fix a possible catalog zone issue during reconfiguration.\n  * Fix the charts in the statistics channel.\n  * Adding NSEC3 opt-out records could leave invalid records in\n    chain.\n  * Fix spurious timeouts while resolving names.\n  * Fix bug where zone switches from NSEC3 to NSEC after\n    retransfer.\n  * AMTRELAY type 0 presentation format handling was wrong.\n  * Fix parsing bug in remote-servers with key or TLS.\n  * Fix DoT reconfigure/reload bug in the resolver.\n  * Skip unsupported algorithms when looking for a signing key.\n  * Fix dnssec-keygen key collision checking for KEY RRtype keys.\n  * dnssec-verify now uses exit code 1 when failing due to illegal\n    options.\n  * Prevent assertion failures of dig when a server is specified\n    before the -b option.\n  * Skip buffer allocations if not logging.\n","id":"SUSE-SU-2026:20135-1","modified":"2026-01-22T16:50:15Z","published":"2026-01-22T16:50:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620135-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256997"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-13878"}],"related":["CVE-2025-13878"],"summary":"Security update for bind","upstream":["CVE-2025-13878"]}