From: Ashishkumar Parmar <[email protected]> Analysis: - CVE-2026-3039 affects BIND servers using TKEY-based authentication via GSS-API tokens [1]. - This recipe configures BIND with --with-gssapi=no, so the vulnerable GSS-API TKEY negotiation path is disabled [2]. - Hence ignoring the CVE for this build configuration.
Reference: [1] https://kb.isc.org/docs/cve-2026-3039 [2] meta/recipes-connectivity/bind/bind_9.18.44.bb Signed-off-by: Ashishkumar Parmar <[email protected]>
---
 meta/recipes-connectivity/bind/bind_9.18.44.bb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.44.bb b/meta/recipes-connectivity/bind/bind_9.18.44.bb
index dd8923f185..7b5baf5338 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.44.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.44.bb
@@ -43,6 +43,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
 # Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
 # so the issue doesn't affect us.
 CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore."
+CVE_STATUS[CVE-2026-3039] = "not-applicable-config: BIND is built with --with-gssapi=no, so GSS-API TKEY negotiation is disabled."
 inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
-- 2.35.6
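Review bot: The added `CVE_STATUS[CVE-2026-3039]` entry is unconditional, but its justification depends on a configure option that is set elsewhere in the recipe and is not visible in this hunk. If a bbappend or a later recipe change enables GSS-API, the entry would still mark the CVE as `not-applicable-config`, and a build that may be affected would go unflagged in CVE reports. The neighbouring CVE-2019-6470 entry has a comment above it, and the new entry should get one that names the dependency, e.g. `# Valid only while --with-gssapi=no is passed to configure; re-evaluate if GSS-API support is enabled.` It would also help if the commit message confirmed, from the advisory, that building without GSS-API removes the affected TKEY path entirely rather than only one mode of it.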
