ALAS2-2026-3353

Amazon Linux 2 Security Advisory: ALAS2-2026-3353
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08

Severity: Medium

References: CVE-2026-3592 CVE-2026-5950
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Limit resolver server list size (CVE-2026-3592)

Avoid unbounded recursion loop (CVE-2026-5950)

Affected Packages:

bind

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update bind or yum update --advisory ALAS2-2026-3353 to update your system.

New Packages:

aarch64:
    bind-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-pkcs11-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-sdb-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-libs-lite-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-libs-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-utils-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-devel-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-lite-devel-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-chroot-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-sdb-chroot-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-export-libs-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-export-devel-9.11.4-26.P2.amzn2.13.16.aarch64
    bind-debuginfo-9.11.4-26.P2.amzn2.13.16.aarch64

i686:
    bind-9.11.4-26.P2.amzn2.13.16.i686
    bind-pkcs11-9.11.4-26.P2.amzn2.13.16.i686
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.13.16.i686
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.13.16.i686
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.13.16.i686
    bind-sdb-9.11.4-26.P2.amzn2.13.16.i686
    bind-libs-lite-9.11.4-26.P2.amzn2.13.16.i686
    bind-libs-9.11.4-26.P2.amzn2.13.16.i686
    bind-utils-9.11.4-26.P2.amzn2.13.16.i686
    bind-devel-9.11.4-26.P2.amzn2.13.16.i686
    bind-lite-devel-9.11.4-26.P2.amzn2.13.16.i686
    bind-chroot-9.11.4-26.P2.amzn2.13.16.i686
    bind-sdb-chroot-9.11.4-26.P2.amzn2.13.16.i686
    bind-export-libs-9.11.4-26.P2.amzn2.13.16.i686
    bind-export-devel-9.11.4-26.P2.amzn2.13.16.i686
    bind-debuginfo-9.11.4-26.P2.amzn2.13.16.i686

noarch:
    bind-license-9.11.4-26.P2.amzn2.13.16.noarch

src:
    bind-9.11.4-26.P2.amzn2.13.16.src

x86_64:
    bind-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-pkcs11-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-pkcs11-utils-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-pkcs11-libs-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-pkcs11-devel-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-sdb-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-libs-lite-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-libs-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-utils-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-devel-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-lite-devel-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-chroot-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-sdb-chroot-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-export-libs-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-export-devel-9.11.4-26.P2.amzn2.13.16.x86_64
    bind-debuginfo-9.11.4-26.P2.amzn2.13.16.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2026-3592, CVE-2026-5950

Mitre: CVE-2026-3592, CVE-2026-5950