Red Hat Product Errata RHSA-2025:21111 - Security Advisory
Issued:
2025-11-12
Updated:
2025-11-12

RHSA-2025:21111 - Security Advisory

Synopsis

Important: bind9.18 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for bind9.18 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.

Security Fix(es):

  • bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
  • bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
  • bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2405827 - CVE-2025-40778 bind: Cache poisoning attacks with unsolicited RRs
  • BZ - 2405829 - CVE-2025-40780 bind: Cache poisoning due to weak PRNG
  • BZ - 2405830 - CVE-2025-8677 bind: Resource exhaustion via malformed DNSKEY handling

Red Hat Enterprise Linux for x86_64 9

SRPM
bind9.18-9.18.29-5.el9_7.2.src.rpm SHA-256: 665ab347e89675e58843d0c741bb74ed5e4d6b4a84b3e65f7721b0b899c209fe
x86_64
bind9.18-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 4deef87490e9afefbeb6fd9d6bf54610071294af109badc639add76526b486fa
bind9.18-chroot-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 6750ece118b79b300b8ddefb10646babbfb396d74356c96d0012df094e0b6183
bind9.18-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 0337483f743c8cd906ce78e238524178a8cdb4845854950867def4f8c8d829fb
bind9.18-debugsource-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: d50aaea936fe2dff2c179d5f5ac9bb2989577aa053e776126a7a35cf8099e542
bind9.18-dnssec-utils-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: e9f3d0c68c0cf82e792e77283898cce62127b6a601c61abcf0838774410b64aa
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 720447d843675d27db52913fadb7ca3e50e641cb5833edfeb14f863399e9c28b
bind9.18-libs-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: cb5c36f8f8a166dfe47dfc8a83232d662031c1b987b328fbe64f0045b65b72ba
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 6e6b5d50e664ebcb60c84d2cd09022d6a734b5ecf66e332e8cdde8f2112384e7
bind9.18-utils-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 473473aea007191c67b77401cf03eaaa8cdbc268d7b3690290cd0fc264929e19
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: edfed7be04ab1fe16cf5b6959bf1d814098f2a5da27339387f30698a0bfadf32

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
bind9.18-9.18.29-5.el9_7.2.src.rpm SHA-256: 665ab347e89675e58843d0c741bb74ed5e4d6b4a84b3e65f7721b0b899c209fe
s390x
bind9.18-9.18.29-5.el9_7.2.s390x.rpm SHA-256: f1ca180749ad26b8d0bd529934231ffd85a5208f765ebf0e95fda445d8d69c5d
bind9.18-chroot-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 629da0a07ab374d6183e24e9f401a0d6eb3b3cf1881bb9306acde4c2983d95ce
bind9.18-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: f20feb82a2e2b9181c6d37e8bc54785fb75e02ce2ba18ce60cb28327fc4e3cd2
bind9.18-debugsource-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 2856bd6c18e7430454f13744cc7ae0797c04c16d7eb01a0d5e31f6d315bafc46
bind9.18-dnssec-utils-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 4ff4527e6768d08c71a0ce34fb4c5a79fcecd93fefe048e6e6cfa1072ce0ca7e
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 5c9b0f1dcfcf7693e226ed70ef7d89df2ae9b9990fed8e6713f604f41bf4915a
bind9.18-libs-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 266492b5e9f46799ec3f21ff93676126fe1cff3016360fc84b10f24142f76ccc
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: edf248316c057f01927cb51e6b3afedaaf05a4dc8339217b5e8198a3b43c0cb3
bind9.18-utils-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 5351945b67d24918053aeea7c7b94441f4a8f502fd1d9c4c8529ea9c1e7cf887
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: cdaa6094a092fdef452055b4573af5b1cbf08442884363313330047b754c8f81

Red Hat Enterprise Linux for Power, little endian 9

SRPM
bind9.18-9.18.29-5.el9_7.2.src.rpm SHA-256: 665ab347e89675e58843d0c741bb74ed5e4d6b4a84b3e65f7721b0b899c209fe
ppc64le
bind9.18-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 5d4c3f70b40183d41dccd4e6b3ff9b7fc1970ed9986eef5a157adf3dfe513882
bind9.18-chroot-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: b372da763bb167c10af6b92a51a91773a86ebd026bf17db4601004c551e8f542
bind9.18-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: c12efe2569f680c6159bea84c4750190bcb3905c7359eb00a043240deb6ff092
bind9.18-debugsource-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: ce8112c7d47a46469127a0b5fedd00862d378896e080db917aa545ae08abf57a
bind9.18-dnssec-utils-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 442287940bb41b5f3cd6d4c0bb3c26662a6fb8ff518826969f90ddddaf6ee786
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 082409e2c577902e6cedc4172c2eb8c3609c5994901a621843448518e0671960
bind9.18-libs-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: b8d88fc208b45ecc5e89b3605d0cde3e76d8d6b367477b0059a39bedf2fb08b2
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 08b3f3de0abdbad56a4b303cf41027b82d57245c29769741cc645f3dac7f9bee
bind9.18-utils-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 3a5853009466f86afb1f20340be1ffd30e5bd655aab3a16873bb0c155e9ab68e
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 91bdb1863b13f62ca095a4cdf8d04ba4fe52a1acb7355e46d9349a613a3c3866

Red Hat Enterprise Linux for ARM 64 9

SRPM
bind9.18-9.18.29-5.el9_7.2.src.rpm SHA-256: 665ab347e89675e58843d0c741bb74ed5e4d6b4a84b3e65f7721b0b899c209fe
aarch64
bind9.18-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: cf43fb17157ab3c7060aaff28fd540c5d9db5d6c08b2475e100fe2e7059c521c
bind9.18-chroot-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: acf0f0da53b7cb5472b53d589c6bc08e530152a8e32588da91839d44453a7664
bind9.18-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: 676a1d351f6cc08165ed9dcaf441d78a1376f5a82cd86985c1aab06b67a0ddb2
bind9.18-debugsource-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: af894510be9b686eaafb3f6e4817e0839596060a1dee28258de3088916421830
bind9.18-dnssec-utils-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: 0b4221e4ceccb99d747d5e4e4f76bf325ee64a733bb3ffead1fea27f10cc8f70
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: ba28930996780720cdeab374f62ea3caea083d6fd9ab6bf3a7761a8c436877ff
bind9.18-libs-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: 0b5b89397c98d25d41db5ffb2c67b5f423dd21adc08a9d0664f8acdffee70785
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: fb81f9b026c7620956712c52275c1fb0e5d70e71dfc7625a1a555e43658d15ef
bind9.18-utils-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: c18a89d0f06e0fb97c49077eed6710fa11f642d5db6a9c26c38d8865d20a2b1f
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: e4af6f544f80d69f3f393e7720c0bd7eb7cd02f3d02833005fec92ae9d67a08d

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
bind9.18-debuginfo-9.18.29-5.el9_7.2.i686.rpm SHA-256: 075f905f71242c841d2a8f19890bb992b117c4cd8c3694b3be4806826635f3ae
bind9.18-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 0337483f743c8cd906ce78e238524178a8cdb4845854950867def4f8c8d829fb
bind9.18-debugsource-9.18.29-5.el9_7.2.i686.rpm SHA-256: 8b5cdd80b1536713f4caf82be8a6202be38eee1a058da12be32eff1b08263d57
bind9.18-debugsource-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: d50aaea936fe2dff2c179d5f5ac9bb2989577aa053e776126a7a35cf8099e542
bind9.18-devel-9.18.29-5.el9_7.2.i686.rpm SHA-256: afa1b78ad5a3fe7d81def03b5f4a74047f19ae2baad07187e00a4db8036a9a9b
bind9.18-devel-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: e145cf93310fcaa643ce298c33df471ab924d350e842bb914ebb7924f4df609f
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.i686.rpm SHA-256: 39c24004f38cef059212b718d85094e0a55925b769c85965b3844bfa26bf9acf
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 720447d843675d27db52913fadb7ca3e50e641cb5833edfeb14f863399e9c28b
bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm SHA-256: 22d28c61dd75547c2a4776e77f55d547ea5088155b2b33f83c579e2bf6369d67
bind9.18-libs-9.18.29-5.el9_7.2.i686.rpm SHA-256: a9446af3d00dc0f7ef736d9e7cb01da2b1666f7d88fc5afca48cad1be5f33e30
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.i686.rpm SHA-256: 65fc63edfe8127778d8f11fb7c8aa8835d6b4332254a9ca43d82cb0bfa3f96fd
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: 6e6b5d50e664ebcb60c84d2cd09022d6a734b5ecf66e332e8cdde8f2112384e7
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.i686.rpm SHA-256: 5e51e826ee29d40da735ed1e48e6b81d8ab1b8eeac583b1d00564a88468990e8
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.x86_64.rpm SHA-256: edfed7be04ab1fe16cf5b6959bf1d814098f2a5da27339387f30698a0bfadf32

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
bind9.18-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: c12efe2569f680c6159bea84c4750190bcb3905c7359eb00a043240deb6ff092
bind9.18-debugsource-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: ce8112c7d47a46469127a0b5fedd00862d378896e080db917aa545ae08abf57a
bind9.18-devel-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: c4d9d08a3bdcfd7144a70ddae936078d65248000d1a831a97a1000398a3586e0
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 082409e2c577902e6cedc4172c2eb8c3609c5994901a621843448518e0671960
bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm SHA-256: 22d28c61dd75547c2a4776e77f55d547ea5088155b2b33f83c579e2bf6369d67
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 08b3f3de0abdbad56a4b303cf41027b82d57245c29769741cc645f3dac7f9bee
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.ppc64le.rpm SHA-256: 91bdb1863b13f62ca095a4cdf8d04ba4fe52a1acb7355e46d9349a613a3c3866

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
bind9.18-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: 676a1d351f6cc08165ed9dcaf441d78a1376f5a82cd86985c1aab06b67a0ddb2
bind9.18-debugsource-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: af894510be9b686eaafb3f6e4817e0839596060a1dee28258de3088916421830
bind9.18-devel-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: 4e4b864f7e6292da9e1bfa9461c7022e8b9b70199e84bd59a298c3fced8e5b23
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: ba28930996780720cdeab374f62ea3caea083d6fd9ab6bf3a7761a8c436877ff
bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm SHA-256: 22d28c61dd75547c2a4776e77f55d547ea5088155b2b33f83c579e2bf6369d67
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: fb81f9b026c7620956712c52275c1fb0e5d70e71dfc7625a1a555e43658d15ef
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.aarch64.rpm SHA-256: e4af6f544f80d69f3f393e7720c0bd7eb7cd02f3d02833005fec92ae9d67a08d

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
bind9.18-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: f20feb82a2e2b9181c6d37e8bc54785fb75e02ce2ba18ce60cb28327fc4e3cd2
bind9.18-debugsource-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 2856bd6c18e7430454f13744cc7ae0797c04c16d7eb01a0d5e31f6d315bafc46
bind9.18-devel-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 6833ffe284fce91c8da677877256b64b3458d46b63c3aba11b9677ce8c90a2b2
bind9.18-dnssec-utils-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: 5c9b0f1dcfcf7693e226ed70ef7d89df2ae9b9990fed8e6713f604f41bf4915a
bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm SHA-256: 22d28c61dd75547c2a4776e77f55d547ea5088155b2b33f83c579e2bf6369d67
bind9.18-libs-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: edf248316c057f01927cb51e6b3afedaaf05a4dc8339217b5e8198a3b43c0cb3
bind9.18-utils-debuginfo-9.18.29-5.el9_7.2.s390x.rpm SHA-256: cdaa6094a092fdef452055b4573af5b1cbf08442884363313330047b754c8f81

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.