RLSA-2025:21034

Synopsis

Important: bind security update

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)

* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)

* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2405827 2405829 2405830

CVEs

CVE-2025-40778 CVE-2025-40780 CVE-2025-8677

Affected packages

Rocky Linux 10 aarch64 - AppStream

bind-32:9.18.33-10.el10_1.2.aarch64.rpm bind-32:9.18.33-10.el10_1.2.src.rpm bind-chroot-32:9.18.33-10.el10_1.2.aarch64.rpm bind-debuginfo-32:9.18.33-10.el10_1.2.aarch64.rpm bind-debugsource-32:9.18.33-10.el10_1.2.aarch64.rpm bind-dnssec-utils-32:9.18.33-10.el10_1.2.aarch64.rpm bind-dnssec-utils-debuginfo-32:9.18.33-10.el10_1.2.aarch64.rpm bind-libs-32:9.18.33-10.el10_1.2.aarch64.rpm bind-libs-debuginfo-32:9.18.33-10.el10_1.2.aarch64.rpm bind-license-32:9.18.33-10.el10_1.2.noarch.rpm bind-utils-32:9.18.33-10.el10_1.2.aarch64.rpm bind-utils-debuginfo-32:9.18.33-10.el10_1.2.aarch64.rpm

Rocky Linux 10 ppc64le - AppStream

bind-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-32:9.18.33-10.el10_1.2.src.rpm bind-chroot-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-debuginfo-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-debugsource-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-dnssec-utils-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-dnssec-utils-debuginfo-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-libs-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-libs-debuginfo-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-license-32:9.18.33-10.el10_1.2.noarch.rpm bind-utils-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-utils-debuginfo-32:9.18.33-10.el10_1.2.ppc64le.rpm

Rocky Linux 10 s390x - AppStream

bind-32:9.18.33-10.el10_1.2.s390x.rpm bind-32:9.18.33-10.el10_1.2.src.rpm bind-chroot-32:9.18.33-10.el10_1.2.s390x.rpm bind-debuginfo-32:9.18.33-10.el10_1.2.s390x.rpm bind-debugsource-32:9.18.33-10.el10_1.2.s390x.rpm bind-dnssec-utils-32:9.18.33-10.el10_1.2.s390x.rpm bind-dnssec-utils-debuginfo-32:9.18.33-10.el10_1.2.s390x.rpm bind-libs-32:9.18.33-10.el10_1.2.s390x.rpm bind-libs-debuginfo-32:9.18.33-10.el10_1.2.s390x.rpm bind-license-32:9.18.33-10.el10_1.2.noarch.rpm bind-utils-32:9.18.33-10.el10_1.2.s390x.rpm bind-utils-debuginfo-32:9.18.33-10.el10_1.2.s390x.rpm

Rocky Linux 10 x86_64 - AppStream

bind-32:9.18.33-10.el10_1.2.src.rpm bind-32:9.18.33-10.el10_1.2.x86_64.rpm bind-chroot-32:9.18.33-10.el10_1.2.x86_64.rpm bind-debuginfo-32:9.18.33-10.el10_1.2.x86_64.rpm bind-debugsource-32:9.18.33-10.el10_1.2.x86_64.rpm bind-dnssec-utils-32:9.18.33-10.el10_1.2.x86_64.rpm bind-dnssec-utils-debuginfo-32:9.18.33-10.el10_1.2.x86_64.rpm bind-libs-32:9.18.33-10.el10_1.2.x86_64.rpm bind-libs-debuginfo-32:9.18.33-10.el10_1.2.x86_64.rpm bind-license-32:9.18.33-10.el10_1.2.noarch.rpm bind-utils-32:9.18.33-10.el10_1.2.x86_64.rpm bind-utils-debuginfo-32:9.18.33-10.el10_1.2.x86_64.rpm

Rocky Linux 10 aarch64 - CRB

bind-devel-32:9.18.33-10.el10_1.2.aarch64.rpm bind-doc-32:9.18.33-10.el10_1.2.noarch.rpm

Rocky Linux 10 ppc64le - CRB

bind-devel-32:9.18.33-10.el10_1.2.ppc64le.rpm bind-doc-32:9.18.33-10.el10_1.2.noarch.rpm

Rocky Linux 10 s390x - CRB

bind-devel-32:9.18.33-10.el10_1.2.s390x.rpm bind-doc-32:9.18.33-10.el10_1.2.noarch.rpm

Rocky Linux 10 x86_64 - CRB

bind-devel-32:9.18.33-10.el10_1.2.x86_64.rpm bind-doc-32:9.18.33-10.el10_1.2.noarch.rpm