openSUSE 16 Security Update : bind (openSUSE-SU-2026:20091-1)

high Nessus Plugin ID 296570

Synopsis

The remote openSUSE host is missing a security update.

Description

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20091-1 advisory.

Upgrade to release 9.20.18:

- CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records (bsc#1256997)

Feature Changes:
* Add more information to the rndc recursing output about fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.

Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3 opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal options.
* Prevent assertion failures of dig when a server is specified before the -b option.
* Skip buffer allocations if not logging.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1256997

https://www.suse.com/security/cve/CVE-2025-13878

Plugin Details

Severity: High

ID: 296570

File Name: openSUSE-2026-20091-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/26/2026

Updated: 1/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2025-13878

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:bind-utils, p-cpe:/a:novell:opensuse:bind-modules-mysql, cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:bind-modules-sqlite3, p-cpe:/a:novell:opensuse:bind-modules-generic, p-cpe:/a:novell:opensuse:bind-modules-bdbhpt, p-cpe:/a:novell:opensuse:bind-modules-perl, p-cpe:/a:novell:opensuse:bind-modules-ldap, p-cpe:/a:novell:opensuse:bind

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/22/2026

Vulnerability Publication Date: 1/21/2026

Reference Information

CVE: CVE-2025-13878

IAVA: 2026-A-0081