UbuntuUpdates.org

Package "bind9"

Name: bind9

Description:

Internet Domain Name Server
Latest version: 1:9.20.11-1ubuntu2.1
Release: questing (25.10)
Level: updates
Repository: main
Homepage: https://www.isc.org/downloads/bind/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bind9"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "bind9" in Questing

Repository Area Version
base main 1:9.20.11-1ubuntu2
security main 1:9.20.11-1ubuntu2.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:9.20.11-1ubuntu2.1 2025-10-23 03:07:25 UTC

  bind9 (1:9.20.11-1ubuntu2.1) questing-security; urgency=medium

  * SECURITY UPDATE: Resource exhaustion via malformed DNSKEY handling
    - debian/patches/CVE-2025-8677.patch: count invalid keys as validation
      failures in lib/dns/validator.c.
    - CVE-2025-8677
  * SECURITY UPDATE: Cache poisoning attacks with unsolicited RRs
    - debian/patches/CVE-2025-40778.patch: no longer accept DNAME records
      or extraneous NS records in the AUTHORITY section unless these are
      received via spoofing-resistant transport in doc/arm/reference.rst,
      lib/dns/include/dns/message.h, lib/dns/message.c, lib/dns/resolver.c.
    - CVE-2025-40778
  * SECURITY UPDATE: Cache poisoning due to weak PRNG
    - debian/patches/CVE-2025-40780.patch: change internal random generator
      to a cryptographically secure pseudo-random generator in
      configure.ac, lib/isc/Makefile.am, lib/isc/hash.c, lib/isc/hashmap.c,
      lib/isc/include/isc/nonce.h, lib/isc/include/isc/random.h,
      lib/isc/random.c, tests/isc/random_test.c.
    - CVE-2025-40780

 -- Marc Deslauriers <email address hidden> Tue, 21 Oct 2025 07:57:20 -0400
CVE-2025-8677 Resource exhaustion via malformed DNSKEY handling
CVE-2025-40778 Cache poisoning attacks with unsolicited RRs
CVE-2025-40780 Cache poisoning due to weak PRNG


About   -   Send Feedback to @ubuntu_updates