ELSA-2025-21034

ELSA-2025-21034 - bind security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-12-02

Description

[9.18.33-10.0.1]
- Fix warning when changing device file permissions [Orabug: 36518580]

[32:9.18.33-10.2]
- Fix upstream reported regression in recent CVE fix (CVE-2025-8677)

[32:9.18.33-10.1]
- Refuse malformed DNSKEY records (CVE-2025-8677)
- Address various spoofing attacks (CVE-2025-40778)
- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)

[32:9.18.33-10]
- Fix failures in idna system test (RHEL-66172)

[32:9.18.33-9]
- Decode IDN names on input in all situations in utilities (RHEL-66172)

[32:9.18.33-8]
- logrotate: skip if empty and remove old variants (RHEL-113942)

[32:9.18.33-7]
- Add runtime tunable limit by environment NAMED_MAXADDITIONAL (RHEL-84006)

[32:9.18.33-6]
- Change additional NS to be served partially (RHEL-84006)

Related CVEs

CVE-2025-40778

CVE-2025-40780

CVE-2025-8677

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 10 (aarch64)	bind-9.18.33-10.0.1.el10_1.2.src.rpm	cc6550644e54ceb3b4ea0dc799c9385256be4c93e9465f9bda7283556bc97ead	-	ol10_aarch64_appstream
	bind-9.18.33-10.0.1.el10_1.2.src.rpm	cc6550644e54ceb3b4ea0dc799c9385256be4c93e9465f9bda7283556bc97ead	-	ol10_aarch64_codeready_builder
	bind-9.18.33-10.0.1.el10_1.2.aarch64.rpm	bcfc2dfd660322092ce45d5332290fb349216353eb055994de5122d0178f9d9d	-	ol10_aarch64_appstream
	bind-chroot-9.18.33-10.0.1.el10_1.2.aarch64.rpm	56cdbc003dabebfcef18b8d0257fe0b6b8e928472ac922308489baa4619a0f15	-	ol10_aarch64_appstream
	bind-devel-9.18.33-10.0.1.el10_1.2.aarch64.rpm	0591494176f99719338dab3a28357ddb8dec9c6565c28fc7bcc918ad4430c5cb	-	ol10_aarch64_codeready_builder
	bind-dnssec-utils-9.18.33-10.0.1.el10_1.2.aarch64.rpm	5b635e8ca7c9d772e063469fed7c25c2761a42109e84b2ce21b669c1fd81cf4e	-	ol10_aarch64_appstream
	bind-doc-9.18.33-10.0.1.el10_1.2.noarch.rpm	76da7f33f13bddc109cc74e679db02538bf85716a9cccd0e7ff2e1a72455ff27	-	ol10_aarch64_codeready_builder
	bind-libs-9.18.33-10.0.1.el10_1.2.aarch64.rpm	b395c879b2c0fdf2357ce8786fffeeac9f6408f5401ccf03e4b0ac6a8604f471	-	ol10_aarch64_appstream
	bind-license-9.18.33-10.0.1.el10_1.2.noarch.rpm	4381a07b0cf45f1382de723cb56b124349d2ea753d5d2a79699a3c6cece1176e	-	ol10_aarch64_appstream
	bind-utils-9.18.33-10.0.1.el10_1.2.aarch64.rpm	a468336a1566f7ed3368aea7ade86e533ebcc7d668ad21ecd172893563c78911	-	ol10_aarch64_appstream
Oracle Linux 10 (x86_64)	bind-9.18.33-10.0.1.el10_1.2.src.rpm	cc6550644e54ceb3b4ea0dc799c9385256be4c93e9465f9bda7283556bc97ead	-	ol10_x86_64_appstream
	bind-9.18.33-10.0.1.el10_1.2.src.rpm	cc6550644e54ceb3b4ea0dc799c9385256be4c93e9465f9bda7283556bc97ead	-	ol10_x86_64_codeready_builder
	bind-9.18.33-10.0.1.el10_1.2.x86_64.rpm	f9232b05a8bce77f6f4856eada3d8e20934748cf94fdc708c7fe4f905a62161f	-	ol10_x86_64_appstream
	bind-chroot-9.18.33-10.0.1.el10_1.2.x86_64.rpm	d85c4c764722c66cb791e3b8faaa9cb9a7e7558432466b86940054c9d32de162	-	ol10_x86_64_appstream
	bind-devel-9.18.33-10.0.1.el10_1.2.x86_64.rpm	c146c46461b9e42a0ce208b5a455bb2d7a2d98996348aa3f4182cf0329540fb5	-	ol10_x86_64_codeready_builder
	bind-dnssec-utils-9.18.33-10.0.1.el10_1.2.x86_64.rpm	66133132d7689f5c8dd46bb0e627d14a85feaaa1a101901fea952e7d0d7a72ee	-	ol10_x86_64_appstream
	bind-doc-9.18.33-10.0.1.el10_1.2.noarch.rpm	76da7f33f13bddc109cc74e679db02538bf85716a9cccd0e7ff2e1a72455ff27	-	ol10_x86_64_codeready_builder
	bind-libs-9.18.33-10.0.1.el10_1.2.x86_64.rpm	c217b9e58435513eab997666a8c44a9bbe592ca029dd43720bc5a7ddc9d69827	-	ol10_x86_64_appstream
	bind-license-9.18.33-10.0.1.el10_1.2.noarch.rpm	4381a07b0cf45f1382de723cb56b124349d2ea753d5d2a79699a3c6cece1176e	-	ol10_x86_64_appstream
	bind-utils-9.18.33-10.0.1.el10_1.2.x86_64.rpm	29e2b64513409862b8bb0fc8fc0573d9ef2652da7bb999524b8831420c888ae9	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team