AlmaLinux issued two important security advisories for version 8 to patch critical flaws in BIND and libyang. The BIND update resolves memory exhaustion risks and denial of service vulnerabilities tied to GSS API negotiation. You will also need to address a dangerous libyang issue that allows arbitrary code execution through crafted binary blobs. Apply these patches right away to keep your DNS services and data modeling tools secure.

ALSA-2026:24339: bind security update (Important)
ALSA-2026:24545: libyang security update (Important)

ALSA-2026:24339: bind security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-09

Summary:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (CVE-2026-3039)
* bind: BIND: Denial of Service via specially crafted DNS messages (CVE-2026-5946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-24339.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:24545: libyang security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-09

Summary:

Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.

Security Fix(es):

* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-24545.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team