oss-sec mailing list archives

ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777)


From: "Everett B. Fulton" <ebf () isc org>
Date: Wed, 16 Jul 2025 12:25:29 -0500

On 16 July 2025 we (Internet Systems Consortium) disclosed one vulnerability affecting our BIND 9 software:

- CVE-2025-40777: A possible assertion failure when 'stale-answer-client-timeout' is set to '0' https://kb.isc.org/docs/cve-2025-40777

New versions of BIND 9 are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of each published release directory:

- https://downloads.isc.org/isc/bind9/9.20.11/patches/
- https://downloads.isc.org/isc/bind9/9.21.10/patches/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.

