oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

ISC has disclosed one vulnerability in BIND 9 (CVE-2025-13878)

From: Michał Kępień <michal () isc org>
Date: Wed, 21 Jan 2026 15:39:23 +0100
On 21 January 2026, Internet Systems Consortium disclosed one vulnerability affecting our BIND 9 software:

- CVE-2025-13878:       Malformed BRID/HHIT records can cause named to terminate unexpectedly 
https://kb.isc.org/docs/cve-2025-13878

New versions of BIND 9 are available:

- https://downloads.isc.org/isc/bind9/9.18.44/
- https://downloads.isc.org/isc/bind9/9.20.18/
- https://downloads.isc.org/isc/bind9/9.21.17/

Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific 
patches in the "patches" subdirectory of each above directory.

For more information and other release formats, consult the ISC software download page: https://www.isc.org/download/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages 
that have been prepared may be released.

-- 
Best regards,
Michał Kępień
Previous By Date Next
Previous By Thread Next

Current thread: