Skip to main content

updating bind in cpanel

Comments

7 comments

  • mtindor

    Any particular reason that you feel you need to upgrade to bind 9.20.22?   Is it because some security/PCI scan told you so?  If so, keep in mind that patches for vulnerabilities are backported and your version of bind may not be vulnerable (assuming something is suggesting that your bind version is).

    Latest updates to bind 9.11.36:

    * Wed May 27 2026 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.8
    - Fix GSS-API resource leak (CVE-2026-3039)
    - Invalid handling of CLASS != IN (CVE-2026-5946)

    * Fri Mar 27 2026 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.7
    - Denial of Service via maliciously crafted DNSSEC-validated zone
      (CVE-2026-1519)

    * Thu Oct 30 2025 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.6
    - Address various spoofing attacks (CVE-2025-40778)

    * Thu Jul 10 2025 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.5
    - Add support for max-records-per-type and max-types-per-name options
      (RHEL-61936)
    - Support reading of new options also in named-checkconf -z, v2

    0
  • cPRex Jurassic Moderator

    I would also recommend not trying to update this beyond what the operating system comes with as that will almost certainly lead to unintended consequences.

    0
  • bam sh

    what do you suggest? i should update it because of security and it cannot be updated. should i do anything else?

    0
  • mtindor

    Who says you have to update it?   Who says its insecure?   If it's stupid PCI compliance, tell them you are running a version of bind that has all of the patches backported to it, and that despite the version it is up to date.

    0
  • bam sh

    security team in our company sent me a link and told our team to upgrade bind in our ns servers. he said this is because of CVE-2026-3039 vulnerability.

    the link is here : 

     

    0
  • mtindor

    Just show them the output of rpm -qa --changelog | grep CVE-2026-3039

    * Wed May 27 2026 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16.8
    - Fix GSS-API resource leak (CVE-2026-3039)

    Tell them the patch was backported into the version running on the server and that the version is secure

    Mike

     

    0
  • bam sh

    thanks a bunch for your help :) 

    1

Please sign in to leave a comment.