Issued:: 2025-11-11
Updated:: 2025-11-11

RHSA-2025:21034 - Security Advisory

Overview
Updated Packages

Synopsis

Important: bind security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for bind is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for x86_64 10 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes

BZ - 2405827 - CVE-2025-40778 bind: Cache poisoning attacks with unsolicited RRs
BZ - 2405829 - CVE-2025-40780 bind: Cache poisoning due to weak PRNG
BZ - 2405830 - CVE-2025-8677 bind: Resource exhaustion via malformed DNSKEY handling

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 10

SRPM
bind-9.18.33-10.el10_1.2.src.rpm	SHA-256: 699618d6a7b5cac4508382500d82a397b013c080f962e4a8e98027791aa14ce2
x86_64
bind-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: dfccf91905068c54bc283ccd74c196309abe31a44bb80f4b145dfba85114fbdd
bind-chroot-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 4f6aa77420d8c0abf607f1d6e273d114ae2e0271ed752329e57dc3bc73390d78
bind-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 7beb0b81445278c11bd9abdd29ce2a9b93eadb160c5306481acebaaf606e639d
bind-debugsource-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 02f679c5f843ce0d5a2dd6c68eefe1b38063b6fa9c7f4a74de9f6310289aea12
bind-dnssec-utils-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 695ea43743ab4660cc873835fe0162efdcb1840961ad76cf1226e75e2b3c5f8e
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: b55e7c9d48d4aa9ae9d98b9dd9f2494aa055a94f65a7b46b7239c40b2f2129b3
bind-libs-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 539397f6c34529b23e96162f2781cd5b6ade535e7170075444568250bede36e8
bind-libs-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 486f259c3d7076316a8cea539996e5bed7b99efac166361956cfa21aa6a3ef35
bind-license-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 8c99cf6e998efad5c6079e5c9b727c6284ed79551109193f37a19f16faeea7a8
bind-utils-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 205ef33b32fce709404b7a52ae2d3d28c1880f7dd7d89492b7b78f40a1c74a9a
bind-utils-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 2afb9303b12b1b38aa4b4b4cb72cf315202b959a4af9dc58578dfc05bd65c796

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
bind-9.18.33-10.el10_1.2.src.rpm	SHA-256: 699618d6a7b5cac4508382500d82a397b013c080f962e4a8e98027791aa14ce2
s390x
bind-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: d407ec8add398ce587138d6924ebabdb94fa64826a6810cc46668eec8c242bf9
bind-chroot-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: a689be041cf5f5f10d6d23bbbf9af2b14af40ab0f16c51b3dc3871f22b4a4754
bind-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: e3a86cef71657c64fcb934da92c347f2c557cfd6005c42a3f3a74a1586a333f7
bind-debugsource-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 26914d2e8667c855745a395f8f069aa6a91af512a54b9cb19a935aba4b79bb36
bind-dnssec-utils-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 6f056acd791b9f738ee8b74adf10d5b01f513f9930d48d9ba9a7f99b5e328863
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 33bc0be149ae70d38f4f0631a9912fd5320b00ad62b4928bc4f1173742235a77
bind-libs-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 2f5d3bc8463997d78515750e37f2579afc93d0d8a7db6b0dd9b383c17111c603
bind-libs-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: adb4d289a4a510cc65595b4d6d3002822ce467ef0a63a28dc97886c168d497b6
bind-license-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 8c99cf6e998efad5c6079e5c9b727c6284ed79551109193f37a19f16faeea7a8
bind-utils-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 5642b3b098ed0f00d307314b1dfe4ec44eae8166b4a42fb4ad7f1806e5caa43b
bind-utils-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 79ef50cb16594c1e74c5fa0af3079cd215c1f299e412e2941089f5342bb902bf

Red Hat Enterprise Linux for Power, little endian 10

SRPM
bind-9.18.33-10.el10_1.2.src.rpm	SHA-256: 699618d6a7b5cac4508382500d82a397b013c080f962e4a8e98027791aa14ce2
ppc64le
bind-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 27733b9c9c0e2b1924e7c7f808a63dfccc887de799d0830c8dec887fd77fca88
bind-chroot-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 6f8cb1efdbcfbf18e5b88c39ff82ab1958da77b6230acfe13a8d6ea32d98f8e0
bind-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 0a3653cfbb7cafe8b4983ca0183d670d5154b51e8cc691ce66656b7ba2340205
bind-debugsource-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: fd7b4a9df64759187269b5055b6471c553727fdd06f4c7c0a3cbb1ad04f86f43
bind-dnssec-utils-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: a8b96491eee2dd07a05fd7f7f6431d44037f29653df9206b309550083cea3dd7
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: de4c994ec4a27caadbf342c2f771c8511cd8718a2b7b9552599b502fcbae400f
bind-libs-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 4e4b3449d3632b62fd3c5ecff885dd68e40e4bfe00df40207fe8efe8deb9fc97
bind-libs-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 6f389c60b2bb5de5791e2240807188365b3991b50dfff7173319f2abe52837e6
bind-license-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 8c99cf6e998efad5c6079e5c9b727c6284ed79551109193f37a19f16faeea7a8
bind-utils-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 75eff85922c69d109ac6c6cc03dac98f6796afb01d717c260354f8a99160bf28
bind-utils-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: c59d376f0789c928bf1b50130efa7494ff3c05fd265cafed91b95ec55477d980

Red Hat Enterprise Linux for ARM 64 10

SRPM
bind-9.18.33-10.el10_1.2.src.rpm	SHA-256: 699618d6a7b5cac4508382500d82a397b013c080f962e4a8e98027791aa14ce2
aarch64
bind-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 0733771fad0814e93236ca88c26c075b599c348aedeabdaa40125090e7d20dab
bind-chroot-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: b0fc555c44d3c0cde43963197bd16f8219d6e300ad4dfb65a8beee40e43ec594
bind-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 8a57fc3c92ccb16e25354bfcc3b6fe6f9113c618dbf645aff572cee853fc6b08
bind-debugsource-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 0270c7d384e8b5323b8f16c3ddf418ae93b499d92bfc0f3d9a3fab123f03104f
bind-dnssec-utils-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 03be02991ba909eb25fc1fb8c5adfa6db4dd775f7c2230f1a942d8d5557c4b99
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 62523feed344152619335ad35dae2a1f380e2742c30459bd35eeee3e85ed3919
bind-libs-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 0e4c01d02feff539943387d1c8fbd1f572a49bd2478017fcfe2d6dfd6eb5beff
bind-libs-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 2674c914cdd011ed705eb504a35bd6035c6389568d29aa582347e1cf4a6729bf
bind-license-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 8c99cf6e998efad5c6079e5c9b727c6284ed79551109193f37a19f16faeea7a8
bind-utils-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: b77ea99bdabc6c7f224bc9397d42a637ac491608047ca33246b9349116989026
bind-utils-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 9ea2a98ac51171d3f72653960f0274dff1a329fd289ac17a04cd53f5df5f4473

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
bind-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 7beb0b81445278c11bd9abdd29ce2a9b93eadb160c5306481acebaaf606e639d
bind-debugsource-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 02f679c5f843ce0d5a2dd6c68eefe1b38063b6fa9c7f4a74de9f6310289aea12
bind-devel-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 0aa6decded5121a4a9040d5d2abc040e5de29c9a8ffa5b8ceb9039667beb49d7
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: b55e7c9d48d4aa9ae9d98b9dd9f2494aa055a94f65a7b46b7239c40b2f2129b3
bind-doc-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 1b55b499093f29f89aced5d057f61edf093f634c5cb4ea4b67a1488e79408d39
bind-libs-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 486f259c3d7076316a8cea539996e5bed7b99efac166361956cfa21aa6a3ef35
bind-utils-debuginfo-9.18.33-10.el10_1.2.x86_64.rpm	SHA-256: 2afb9303b12b1b38aa4b4b4cb72cf315202b959a4af9dc58578dfc05bd65c796

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
bind-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 0a3653cfbb7cafe8b4983ca0183d670d5154b51e8cc691ce66656b7ba2340205
bind-debugsource-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: fd7b4a9df64759187269b5055b6471c553727fdd06f4c7c0a3cbb1ad04f86f43
bind-devel-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 26c0b4953040371806d082f586e600bf9d209c3cbeeb4a9278d785b3a4fcfb4d
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: de4c994ec4a27caadbf342c2f771c8511cd8718a2b7b9552599b502fcbae400f
bind-doc-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 1b55b499093f29f89aced5d057f61edf093f634c5cb4ea4b67a1488e79408d39
bind-libs-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: 6f389c60b2bb5de5791e2240807188365b3991b50dfff7173319f2abe52837e6
bind-utils-debuginfo-9.18.33-10.el10_1.2.ppc64le.rpm	SHA-256: c59d376f0789c928bf1b50130efa7494ff3c05fd265cafed91b95ec55477d980

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
bind-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 8a57fc3c92ccb16e25354bfcc3b6fe6f9113c618dbf645aff572cee853fc6b08
bind-debugsource-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 0270c7d384e8b5323b8f16c3ddf418ae93b499d92bfc0f3d9a3fab123f03104f
bind-devel-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: f572a9f393e8f0c24145a9f4caf78cb8bf222cb58eab16f4bf47236e95738fc8
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 62523feed344152619335ad35dae2a1f380e2742c30459bd35eeee3e85ed3919
bind-doc-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 1b55b499093f29f89aced5d057f61edf093f634c5cb4ea4b67a1488e79408d39
bind-libs-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 2674c914cdd011ed705eb504a35bd6035c6389568d29aa582347e1cf4a6729bf
bind-utils-debuginfo-9.18.33-10.el10_1.2.aarch64.rpm	SHA-256: 9ea2a98ac51171d3f72653960f0274dff1a329fd289ac17a04cd53f5df5f4473

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
bind-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: e3a86cef71657c64fcb934da92c347f2c557cfd6005c42a3f3a74a1586a333f7
bind-debugsource-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 26914d2e8667c855745a395f8f069aa6a91af512a54b9cb19a935aba4b79bb36
bind-devel-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 4e8459e9d399b6289a8f0ea4ed21a15a0874735ba9faf389e383562e90698077
bind-dnssec-utils-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 33bc0be149ae70d38f4f0631a9912fd5320b00ad62b4928bc4f1173742235a77
bind-doc-9.18.33-10.el10_1.2.noarch.rpm	SHA-256: 1b55b499093f29f89aced5d057f61edf093f634c5cb4ea4b67a1488e79408d39
bind-libs-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: adb4d289a4a510cc65595b4d6d3002822ce467ef0a63a28dc97886c168d497b6
bind-utils-debuginfo-9.18.33-10.el10_1.2.s390x.rpm	SHA-256: 79ef50cb16594c1e74c5fa0af3079cd215c1f299e412e2941089f5342bb902bf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation