Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 25.10: Critical DoS Cache Poisoning Advisory for Bind9 USN-7836-1

ubuntu
Calendar Grey October 22, 2025
Dist Ubuntu Esm H88
Several security issues fixed in Bind for Ubuntu with recommendations for immediate updates to avoid attacks.
Several security issues were fixed in Bind.

Summary

Several security issues were fixed in Bind.

Software Description:

- bind9: Internet Domain Name Server

Details:

Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain

malformed DNSKEY records. A remote attacker could possibly use this issue

to cause Bind to consume resources, resulting in a denial of service.

(CVE-2025-8677)

Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Bind

incorrectly accepted certain records from answers. A remote attacker could

possibly use this issue to perform a cache poisoning attack.

(CVE-2025-40778)

Amit Klein and Omer Ben Simhon discovered that Bind used a weak PRNG. A

remote attacker could possibly use this issue to perform a cache poisoning

attack. (CVE-2025-40780)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  bind9                           1:9.20.11-1ubuntu2.1

Ubuntu 25.04
  bind9                           1:9.20.11-0ubuntu0.2

Ubuntu 24.04 LTS
  bind9                           1:9.18.39-0ubuntu0.24.04.2

Ubuntu 22.04 LTS
  bind9                           1:9.18.39-0ubuntu0.22.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7836-1

CVE-2025-40778, CVE-2025-40780, CVE-2025-8677

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7836-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here