ALSA-2025:19912
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:19912.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2025:19912
- Related
- Published
- 2025-11-06T00:00:00Z
- Modified
- 2025-11-28T11:05:16.866511Z
- Summary
- Important: bind security update
- Details
-
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
- bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
- bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2025:19912
- https://access.redhat.com/security/cve/CVE-2025-40778
- https://access.redhat.com/security/cve/CVE-2025-40780
- https://access.redhat.com/security/cve/CVE-2025-8677
- https://bugzilla.redhat.com/2405827
- https://bugzilla.redhat.com/2405829
- https://bugzilla.redhat.com/2405830
- https://errata.almalinux.org/10/ALSA-2025-19912.html
Affected packages
AlmaLinux:10 / bind-doc
Package
- Name
- bind-doc
- Purl
- pkg:rpm/almalinux/bind-doc