
Fedora 43: Critical DNSSEC Spoofing and Caching Issues in bind-dyndb-ldap

fedora
November 8, 2025
Critical security updates for Fedora 43's bind-dyndb-ldap addressing DNSSEC and caching issues. Install urgently.

Summary

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

Update Information:

Update to 9.18.41 (rhbz#2405786)

Security fixes:
- DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677)
- Address various spoofing attacks. (CVE-2025-40778)
- Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)

New Features:
- Support for parsing HHIT and BRID records has been added.

Removed Features:
- Deprecate the "tkey-domain" statement.
- Deprecate the "tkey-gssapi-credential" statement.

Bug Fixes:
- Prevent spurious SERVFAILs for certain 0-TTL resource records.
- Missing DNSSEC information when CD bit is set in query.

https://downloads.isc.org/isc/bind9/9.18.41/doc/arm/html/notes.html#notes-for-bind-9-18-41

Change Log

* Fri Oct 24 2025 Petr Menšík - 11.11-8 - Rebuilt for BIND 9.18.41 (rhbz#2405786)

References


[ 1 ] Bug #2405786 - bind-9.18.41 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2405786
[ 2 ] Bug #2405831 - CVE-2025-8677 CVE-2025-40778 CVE-2025-40780 bind: various flaws [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2405831

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-66fb3fa6b0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
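A post-update check, added here as an example and not part of the Fedora advisory: it confirms that the installed bind-dyndb-ldap and bind packages are at or above the builds named above. The function names are hypothetical, and `sort -V` is used as an approximation of RPM's own version comparison, which is adequate for these numeric strings.

```shell
#!/bin/sh
# Added example: verify that the fixed builds from this advisory are installed.
FIXED_PLUGIN="11.11-8.fc43"   # bind-dyndb-ldap version-release from the advisory
FIXED_BIND="9.18.41"          # BIND version from the advisory

# ver_ge A B: succeed when A >= B (GNU sort -V ordering, an approximation
# of rpm's comparison that holds for dotted/dashed numeric versions).
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_pkg NAME INSTALLED FIXED: print a one-line verdict.
# An empty INSTALLED value means the package is absent.
check_pkg() {
    if [ -z "$2" ]; then
        echo "$1: not installed"
    elif ver_ge "$2" "$3"; then
        echo "$1: $2 OK (>= $3)"
    else
        echo "$1: $2 OLDER THAN FIXED BUILD $3"
    fi
}

# installed_ver NAME QUERYFORMAT: ask rpm; prints nothing if NAME is missing
# (rpm writes "package NAME is not installed" to stdout in that case).
installed_ver() {
    rpm -q --qf "$2\n" "$1" 2>/dev/null | grep -v 'is not installed' | head -n 1
}

# Only query the RPM database where rpm exists, so the script is harmless
# on non-RPM hosts.
if command -v rpm >/dev/null 2>&1; then
    check_pkg bind-dyndb-ldap \
        "$(installed_ver bind-dyndb-ldap '%{VERSION}-%{RELEASE}')" "$FIXED_PLUGIN"
    check_pkg bind "$(installed_ver bind '%{VERSION}')" "$FIXED_BIND"
fi
```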

Severity
critical

Name: bind-dyndb-ldap
Product: Fedora 43
Version: 11.11
Release: 8.fc43
Summary: LDAP back-end plug-in for BIND
