
openSUSE Leap 16.0: Major Security Updates Addressing BIND CVE-2025-40778

January 17, 2026
A security update for openSUSE bind addresses critical cache poisoning and resource exhaustion issues with CVE-2025-40778.
An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.

Description

This update for bind fixes the following issues:

- Upgrade to release 9.20.15

Security Fixes:

* CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs (bsc#1252379)

* CVE-2025-40780: Fixed cache poisoning due to weak PRNG (bsc#1252380)

* CVE-2025-8677: Fixed resource exhaustion via malformed DNSKEY handling (bsc#1252378)

New Features:

* Add dnssec-policy keys configuration check to named-checkconf.

* Add a new option `manual-mode` to dnssec-policy.

* Add a new option `servfail-until-ready` to response-policy zones.

* Support for parsing HHIT and BRID records has been added.

* Support for parsing DSYNC records has been added.

Removed Features:

* Deprecate the `tkey-gssapi-credential` statement.

* Obsolete the `tkey-domain` statement.

Feature Changes:

* Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS digest type 1.

Bug Fixes:

* Missing DNSSEC information when CD bit is set in query.

* rndc sign during ZSK...


Package List

- openSUSE Leap 16.0:

bind-9.20.15-160000.1.1

bind-doc-9.20.15-160000.1.1

bind-modules-bdbhpt-9.20.15-160000.1.1

bind-modules-generic-9.20.15-160000.1.1

bind-modules-ldap-9.20.15-160000.1.1

bind-modules-mysql-9.20.15-160000.1.1

bind-modules-perl-9.20.15-160000.1.1

bind-modules-sqlite3-9.20.15-160000.1.1

bind-utils-9.20.15-160000.1.1

References

* bsc#1230649

* bsc#1252378

* bsc#1252379

* bsc#1252380

References:

* https://www.suse.com/security/cve/CVE-2025-40778.html

* https://www.suse.com/security/cve/CVE-2025-40780.html

* https://www.suse.com/security/cve/CVE-2025-8677.html

Severity
important

Announcement ID: openSUSE-SU-2026:20039-1
Rating: important
Affected Products: openSUSE Leap 16.0
