The Internet Systems Consortium (ISC) has released a security advisory to highlight a vulnerability in versions of BIND software released before May 2013, and in third-party versions that do not include fix #3548. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Using unpatched software increases risks from viruses and other security threats, and attackers may target vulnerabilities for months or even years after patches are available.
Users and administrators are encouraged to review the ISC Security Advisory and apply the necessary updates. See US-CERT Security Tip on Understanding Patches for more information.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…