Oracle Linux Security Advisory ELSA-2025-21111

http://linux.oracle.com/errata/ELSA-2025-21111.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bind9.18-9.18.29-5.el9_7.2.x86_64.rpm
bind9.18-chroot-9.18.29-5.el9_7.2.x86_64.rpm
bind9.18-devel-9.18.29-5.el9_7.2.i686.rpm
bind9.18-devel-9.18.29-5.el9_7.2.x86_64.rpm
bind9.18-dnssec-utils-9.18.29-5.el9_7.2.x86_64.rpm
bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm
bind9.18-libs-9.18.29-5.el9_7.2.i686.rpm
bind9.18-libs-9.18.29-5.el9_7.2.x86_64.rpm
bind9.18-utils-9.18.29-5.el9_7.2.x86_64.rpm

aarch64:
bind9.18-9.18.29-5.el9_7.2.aarch64.rpm
bind9.18-chroot-9.18.29-5.el9_7.2.aarch64.rpm
bind9.18-devel-9.18.29-5.el9_7.2.aarch64.rpm
bind9.18-dnssec-utils-9.18.29-5.el9_7.2.aarch64.rpm
bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm
bind9.18-libs-9.18.29-5.el9_7.2.aarch64.rpm
bind9.18-utils-9.18.29-5.el9_7.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/bind9.18-9.18.29-5.el9_7.2.src.rpm

Related CVEs:
CVE-2025-8677
CVE-2025-40778
CVE-2025-40780

Description of changes:

[32:9.18.29-5.2]
- Fix upstream reported regression in recent CVE fix (CVE-2025-8677)
- Add upstream created test to this regression

[32:9.18.29-5.1]
- Refuse malformed DNSKEY records (CVE-2025-8677)
- Address various spoofing attacks (CVE-2025-40778)
- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)

[32:9.18.29-5]
- logrotate: skip if empty and remove old variants (RHEL-113942)

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-66fb3fa6b0
2025-11-08 01:06:29.234560+00:00
--------------------------------------------------------------------------------

Name        : bind
Product     : Fedora 43
Version     : 9.18.41
Release     : 1.fc43
URL         : https://www.isc.org/bind/
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.

--------------------------------------------------------------------------------
Update Information:

Update to 9.18.41 (rhbz#2405786)

Security fixes:
- DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677)
- Address various spoofing attacks. (CVE-2025-40778)
- Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)

New Features:
- Support for parsing HHIT and BRID records has been added.

Removed Features:
- Deprecate the "tkey-domain" statement.
- Deprecate the "tkey-gssapi-credential" statement.

Bug Fixes:
- Prevent spurious SERVFAILs for certain 0-TTL resource records.
- Missing DNSSEC information when CD bit is set in query.

https://downloads.isc.org/isc/bind9/9.18.41/doc/arm/html/notes.html#notes-for-bind-9-18-41
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 24 2025 Petr Menšík - 32:9.18.41-1
- Update to 9.18.41 (rhbz#2405786, CVE-2025-8677 CVE-2025-40778 CVE-2025-40780)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405786 - bind-9.18.41 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2405786
  [ 2 ] Bug #2405831 - CVE-2025-8677 CVE-2025-40778 CVE-2025-40780 bind: various flaws [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405831
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-66fb3fa6b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Severity: Important
LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202012-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: c-ares: Denial of service
     Date: December 23, 2020
     Bugs: #754939
       ID: 202012-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A Denial of Service vulnerability was discovered in c-ares.

Background
==========

c-ares is an asynchronous resolver library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dns/c-ares              < 1.17.1                    >= 1.17.1

Description
===========

It was discovered that c-ares incorrectly handled certain DNS requests.

Impact
======

A remote attacker, able to trigger a DNS request for a host of their choice by an application linked against c-ares, could possibly cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All c-ares users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.17.1"

References
==========

[ 1 ] CVE-2020-8277
      https://nvd.nist.gov/vuln/detail/CVE-2020-8277

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202012-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

Debian Security Advisory DSA-2448-1

It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query.

For the stable distribution (squeeze), this problem has been fixed in .

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200708-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: BIND: Weak random number generation
     Date: August 18, 2007
     Bugs: #186556
       ID: 200708-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The ISC BIND random number generator uses a weak algorithm, making it easier to guess the next query ID and perform a DNS cache poisoning attack.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind                < 9.4.1_p1                 >= 9.4.1_p1

Description
===========

Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs in the resolver routine or in zone transfer queries (CVE-2007-2926). Additionally, the default configuration file has been strengthened with respect to the allow-recursion{} and the allow-query{} options (CVE-2007-2925).

Impact
======

A remote attacker can use this weakness by sending queries for a domain he handles to a resolver (directly to a recursive server, or through another process such as email processing) and then observing the resulting IDs of the iterative queries. The attacker will half the time be able to guess the next query ID, then perform cache poisoning by answering with those guessed IDs, while spoofing the UDP source address of the reply.

Furthermore, with empty allow-recursion{} and allow-query{} options, the default configuration allowed anybody to make recursive queries and query the cache.

Workaround
==========

There is no known workaround at this time for the random generator weakness. The allow-recursion{} and allow-query{} options should be set to trusted hosts only in /etc/bind/named.conf, thus preventing several security risks.

Resolution
==========

All ISC BIND users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.1_p1"

References
==========

[ 1 ] CVE-2007-2925
      https://www.cve.org/CVERecord?id=CVE-2007-2925
[ 2 ] CVE-2007-2926
      https://www.cve.org/CVERecord?id=CVE-2007-2926

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/200708-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
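
An added example, not part of GLSA 200708-13 or of BIND: a small audit for the configuration half of that advisory (CVE-2007-2925) that reports when allow-recursion or allow-query in a named.conf is unset or open to any client. The sample configurations, the ACL names and the function names are constructed for illustration, and only flat address match lists are handled.

```python
import re

# Statements the advisory says to restrict to trusted hosts.
STATEMENTS = ("allow-recursion", "allow-query")

def strip_comments(text):
    """Remove /* */, // and # comments as used in named.conf."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(body):
    """Split the inside of a flat address match list into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def audit(conf_text):
    """Return {statement: finding} for each statement that is unset or open."""
    text = strip_comments(conf_text)
    # Named ACLs, e.g. acl trusted { 192.0.2.0/24; };
    acls = {m.group(1).strip('"'): match_list(m.group(2))
            for m in re.finditer(r'\bacl\s+("?[\w.-]+"?)\s*\{([^{}]*)\}', text)}
    findings = {}
    for stmt in STATEMENTS:
        # Exact statement name only: allow-query-cache etc. do not match.
        m = re.search(r"(?<![\w-])" + re.escape(stmt) + r"\s*\{([^{}]*)\}", text)
        if m is None:
            # Per the advisory, the affected default then allowed anybody.
            findings[stmt] = "not set: falls back to the built-in default"
            continue
        # Expand one level of named ACL references before checking for "any".
        expanded = [x for e in match_list(m.group(1)) for x in acls.get(e, [e])]
        if "any" in expanded:
            findings[stmt] = "open to any client"
    return findings

# Constructed sample inputs (192.0.2.0/24 is a documentation range).
WEAK = 'options {\n    directory "/var/bind";  // nothing restricts clients\n};\n'
OPEN_ACL = ("acl everyone { any; };\n"
            "options { allow-recursion { everyone; }; allow-query { any; }; };\n")
HARDENED = ("acl trusted { 127.0.0.1; 192.0.2.0/24; };  # trusted hosts only\n"
            "options {\n    allow-recursion { trusted; };\n"
            "    allow-query     { trusted; };\n};\n")

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("OPEN_ACL", OPEN_ACL), ("HARDENED", HARDENED)):
        print(name, audit(conf))
```
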