[SECURITY] [DSA 6033-1] bind9 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6033-1] bind9 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 23 Oct 2025 18:16:21 +0000
Message-id: <[🔎] aPpw9c1YiLA8UfLt@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6033-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 23, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2025-8677 CVE-2025-40778 CVE-2025-40780

Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in cache poisoning or denial of service.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:9.18.41-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 1:9.20.15-1~deb13u1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmj6b4YACgkQEMKTtsN8
TjarWBAAlblEG5e8yB7mbYyaavaAx7zM+v0HQCcA3K2LiwdCo33upsGYuEsKYzNq
ftjvZ9WXsZ+9Bi2ld+LjxK7KL1N9Ctx2jbSqXcq8w3K7dDnMi/q88uBaBk01El18
l3IYiMsxTinV+pMap4vnNdVEGxfpCKHfkfrKDc+eHzTtu8vdkXTj6O3w47BGK7kG
45QaoxR884JD11Rp7+3pfzXA8oG8jjuxjWnpglP4YcfioHO0OLwtakjbJN9wZS/X
8F2NIE1e67G8VBcZD2/HIqk/uotTmOSrApJC9CuAwWO6E6/tFMbqpQ8jJYjManQE
xCaaiC/WNK6iFId63a7F4LHllHY9kCXuXWFTh/vdpE1qxkOh79kSOCFrN0iEtPSZ
9K8hHUq2wnbecKrQs4bvgLwZw6zZfMWg5nvAShnH0VhZt0jrC8GEaJKHFeALqILl
ra8FHkk1Gt52pA7eELQDWOUXB0RfrjSt878iAosK3j2OlOqQYM/MOkqC/lv1Sez8
/pxcxDHv5dOItt+n91RgEsEA7Qgu7TjbeyBFcPBmo1rd3Lh0XiW5qq6O45k9kKeo
MciXxOzDkFOC9qWqdRmS5zGCfAHnLDmMQiUOlBa/Wxh8urlx1uADsGtAhVM6z868
aZGCTfc+iUwcuX/JJwGnchWXmw2GHWfHYytpDSNqPhHnWWk14Qs=
=RzbT
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6032-1] request-tracker4 security update
Next by Date: [SECURITY] [DSA 6034-1] tryton-sao security update
Previous by thread: [SECURITY] [DSA 6032-1] request-tracker4 security update
Next by thread: [SECURITY] [DSA 6034-1] tryton-sao security update
Index(es):
- Date
- Thread