Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Advisory for Fedora 42 on BIND 9.18.41 Spoofing Risks and DNSSEC

fedora
Calendar Grey October 30, 2025
Dist Fedora Esm H88
Enhance your Fedora 42 installation with the latest BIND update resolving key security issues.
Update to 9.18.41 (rhbz#2405786) Security fixes: DNSSEC validation fails if matching but invalid DNSKEY is found

Summary

BIND (Berkeley Internet Name Domain) is an implementation of the DNS

(Domain Name System) protocols. BIND includes a DNS server (named),

which resolves host names to IP addresses; a resolver library

(routines for applications to use when interfacing with DNS); and

tools for verifying that the DNS server is operating properly.

Update Information:

Update to 9.18.41 (rhbz#2405786) Security fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780) New Features: Support for parsing HHIT and BRID records has been added. Removed Features: Deprecate the "tkey-domain" statement. Deprecate the "tkey-gssapi-credential" statement. Bug Fixes: Prevent spurious SERVFAILs for certain 0-TTL resource records. Missing DNSSEC information when CD bit is set in query. https://downloads.isc.org/isc/bind9/9.18.41/doc/arm/html/notes.html#notes-for- bind-9-18-41

Topics%20covered

Topics Covered

security advisory fedora bind cache poisoning DNS spoofing

Change Log

* Fri Oct 24 2025 Petr Men\u0161k - 32:9.18.41-1 - Update to 9.18.41 (rhbz#2405786, CVE-2025-8677 CVE-2025-40778 CVE-2025-40780)

References


[ 1 ] Bug #2405786 - bind-9.18.41 is available https://bugzilla.redhat.com/show_bug.cgi?id=2405786 [ 2 ] Bug #2405833 - CVE-2025-8677 CVE-2025-40778 CVE-2025-40780 bind: various flaws [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405833

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-92566203fd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: bind
Product: Fedora 42
Version: 9.18.41
Release: 1.fc42
URL: https://www.isc.org/bind/
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server

Topics%20covered

Topics Covered

security advisory fedora bind cache poisoning DNS spoofing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here