|
|
Subscribe / Log in / New account

Ubuntu alert USN-7526-1 (bind9)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-7526-1] Bind vulnerability


Date:
              Wed, 21 May 2025 12:38:55 -0400


Message-ID:
              <97167abb-55b0-461f-acad-42e681873e88@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7526-1
May 21, 2025

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10

Summary:

Bind could be made to crash if it received specially crafted network
traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

It was discovered that Bind incorrectly handled certain DNS messages with
invalid TSIG. A remote attacker could possibly use this issue to cause Bind
to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
   bind9                           1:9.20.4-3ubuntu1.1

Ubuntu 24.10
   bind9                           1:9.20.0-2ubuntu3.2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7526-1
   CVE-2025-40775

Package Information:
   https://launchpad.net/ubuntu/+source/bind9/1:9.20.4-3ubun...
   https://launchpad.net/ubuntu/+source/bind9/1:9.20.0-2ubun...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmguAZ8FAwAAAAAACgkQZWnYVadEvpME
Cg/+N8l4jJZznPTqjY9+zAOrRxzEWCLiP8ysSD5tZKQUZYOccLitDou4ZnDVrpRIgN5SbYwFI7c+
0nAwnW16K6bRVJLZk3l4uH507ptb/me5A2eGJyJS+RQPYIHCp9OIioHO11RKzf+9k9YX3QS1Bxa4
jfRCZYiyA4sO3oGjo3sJDIATucoCVgoIaO2H9ixowyvxHroLBjgHfXdCAb39Z/GSvQPCI7KX4Imh
EpsZa0MUh1YreMtLHlkIflnWSTe5YWnCfDtBMBM76mbjd5TkIQYe/tjURjZeVP7lNHHp5SgZFkrh
ArBM65i9xoQaoTWcumO8Hbqy2OWfGAqIHopV+j8+Y6UW1uD+MAN3k7Yu+T3vyRT1E/U1ESb1030p
BEzp2xktCFOVC5Wo0ATF3rKvV94SGidQzwuXzeaczBlJ/+xMQz+oLlWOnFUNOe40CEztlnegwiLr
GtkvA8C4s/sZyHm/Mr2vT9qp6e4bAUSZZRDCN1w5wwb9WFPK73KjChARVptbGSpa9NjoH3bl15+W
YxQG6mkXTlGJucEV+eOE3yPDoTo5JBWG/KJr1hfYVKpmREb0/MTr12wfbVbs90IpVdvfs4Wsx/gW
key1ds9eYw5q1/GoAKfMhiOA3xnAQimg785aiQTU4qmWzg5tKoe/fw5Pgf9o4SZPp7xmBKL8VIrA
rNY=
=SOks
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds