Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: Critical DNS Security Flaws in bind-dyndb-ldap CVE-2025-8677

fedora
Calendar Grey October 30, 2025
Dist Fedora Esm H88
Critical security fix for bind-dyndb-ldap in Fedora 42 addresses DNS spoofing and cache-poisoning risks effectively.
Update to 9.18.41 (rhbz#2405786) Security fixes: DNSSEC validation fails if matching but invalid DNSKEY is found

Summary

This package provides an LDAP back-end plug-in for BIND. It features

support for dynamic updates and internal caching, to lift the load

off of your LDAP server.

Update Information:

Update to 9.18.41 (rhbz#2405786) Security fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780) New Features: Support for parsing HHIT and BRID records has been added. Removed Features: Deprecate the "tkey-domain" statement. Deprecate the "tkey-gssapi-credential" statement. Bug Fixes: Prevent spurious SERVFAILs for certain 0-TTL resource records. Missing DNSSEC information when CD bit is set in query. https://downloads.isc.org/isc/bind9/9.18.41/doc/arm/html/notes.html#notes-for- bind-9-18-41

Topics%20covered

Topics Covered

security advisory fedora important cache poisoning bind-dyndb-ldap DNS attacks

Change Log

* Fri Oct 24 2025 Petr Men\u0161k - 11.11-7 - Rebuilt for BIND 9.18.41 (rhbz#2405786)

References


[ 1 ] Bug #2405786 - bind-9.18.41 is available https://bugzilla.redhat.com/show_bug.cgi?id=2405786 [ 2 ] Bug #2405833 - CVE-2025-8677 CVE-2025-40778 CVE-2025-40780 bind: various flaws [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405833

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-92566203fd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: bind-dyndb-ldap
Product: Fedora 42
Version: 11.11
Release: 7.fc42
URL:
Summary: LDAP back-end plug-in for BIND

Topics%20covered

Topics Covered

security advisory fedora important cache poisoning bind-dyndb-ldap DNS attacks

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here