9.21.14 update resolves CVE-2025-40778: Cache poisoning attacks with unsolicited RRs
New Published on Oct 22, 2025
https://kb.isc.org/docs/cve-2025-40778
CVSS Score: 8.6
Versions affected: BIND
9.11.0 -> 9.16.50
9.18.0 -> 9.18.39
9.20.0 -> 9.20.13
9.21.0 -> 9.21.12 <---------------

Reproducible: Always
https://downloads.isc.org/isc/bind9/9.21.14/doc/arm/html/notes.html#security-fixes

9.21.14 update resolves CVE-2025-8677: Resource exhaustion via malformed DNSKEY handling
Severity: High
https://kb.isc.org/docs/cve-2025-8677

CVE-2025-40778: Cache poisoning attacks with unsolicited RRs
Severity: High
https://kb.isc.org/docs/cve-2025-40778

CVE-2025-40780: Cache poisoning due to weak PRNG
Severity: High
https://kb.isc.org/docs/cve-2025-40780
Yes, I know they are there. I was quite busy in the previous days working on RHEL patches, which are still not delivered to our customers. In Fedora, fixing it is simpler, but I have only two eyes and two hands. I understand, but this development version is kind of the last one to process when everything else is finished. Fortunately this does not need building together with bind-dyndb-ldap. But sure, it is taking enough time.
FEDORA-2025-b68f7f541d (bind9-next-9.21.14-2.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-b68f7f541d
FEDORA-2025-d9f9394ecd (bind9-next-9.21.14-2.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-d9f9394ecd
I am not sure whether I should escalate that no bind9-next CVE bugs were created, but I always fix CVEs for this development version by rebases anyway.
FEDORA-2025-b68f7f541d has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-b68f7f541d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-b68f7f541d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-d9f9394ecd has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-d9f9394ecd` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-d9f9394ecd See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-d9f9394ecd (bind9-next-9.21.14-2.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-b68f7f541d (bind9-next-9.21.14-2.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.