ELSA-2025-21111

ELSA-2025-21111 - bind9.18 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-11-25

Description

[32:9.18.29-5.2]
- Fix upstream reported regression in recent CVE fix (CVE-2025-8677)
- Add upstream created test to this regression

[32:9.18.29-5.1]
- Refuse malformed DNSKEY records (CVE-2025-8677)
- Address various spoofing attacks (CVE-2025-40778)
- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)

[32:9.18.29-5]
- logrotate: skip if empty and remove old variants (RHEL-113942)

Related CVEs

CVE-2025-40778

CVE-2025-40780

CVE-2025-8677

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	bind9.18-9.18.29-5.el9_7.2.src.rpm	c4a59ba2ddfd986a4c14e336aedfe9c7067d3cd30ecde041f16a96946de61238	-	ol9_aarch64_appstream
	bind9.18-9.18.29-5.el9_7.2.src.rpm	c4a59ba2ddfd986a4c14e336aedfe9c7067d3cd30ecde041f16a96946de61238	-	ol9_aarch64_codeready_builder
	bind9.18-9.18.29-5.el9_7.2.aarch64.rpm	5ff8e9d7599636879d664ba0d2943cee477c7a538543f74703db72757aadd15a	-	ol9_aarch64_appstream
	bind9.18-chroot-9.18.29-5.el9_7.2.aarch64.rpm	151cffe38bc4f5f13f04f3fbc1bf41e007cc3d25d6a144260147d3a6ff5eb10c	-	ol9_aarch64_appstream
	bind9.18-devel-9.18.29-5.el9_7.2.aarch64.rpm	bb6faaa80b302ade7b858bbc3df2229237c341fa37ab2048c6f1c5e48363ab39	-	ol9_aarch64_codeready_builder
	bind9.18-dnssec-utils-9.18.29-5.el9_7.2.aarch64.rpm	1c9c3697b7cc74008808650db1ffc6275ddc28e141a529aee63b609999dc0851	-	ol9_aarch64_appstream
	bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm	e8f1f7988f487f60b0888fdc828c6061ee11fb6dcc2649595ebdc65934b6303c	-	ol9_aarch64_codeready_builder
	bind9.18-libs-9.18.29-5.el9_7.2.aarch64.rpm	406d7963c6fb0cd119985d3b0e36c46ae03676cd02b3ef71f495a69898fe903d	-	ol9_aarch64_appstream
	bind9.18-utils-9.18.29-5.el9_7.2.aarch64.rpm	412849a69b9ea6e44ec3075fff2835c2c37fd422ea223b884b83a80dbc41f2ee	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	bind9.18-9.18.29-5.el9_7.2.src.rpm	c4a59ba2ddfd986a4c14e336aedfe9c7067d3cd30ecde041f16a96946de61238	-	ol9_x86_64_appstream
	bind9.18-9.18.29-5.el9_7.2.src.rpm	c4a59ba2ddfd986a4c14e336aedfe9c7067d3cd30ecde041f16a96946de61238	-	ol9_x86_64_codeready_builder
	bind9.18-9.18.29-5.el9_7.2.x86_64.rpm	60de7fd490369a6b74798405e2526c2b1e3e726016897c96bd29825e538901ab	-	ol9_x86_64_appstream
	bind9.18-chroot-9.18.29-5.el9_7.2.x86_64.rpm	4aed344617fe8e9a77b2be29ef941894bdcc61e04613678f3135eb5e5688e326	-	ol9_x86_64_appstream
	bind9.18-devel-9.18.29-5.el9_7.2.i686.rpm	c6a853a5512edd8f7976c8da2a226461a1686301d37c90da0f03f1e39526c873	-	ol9_x86_64_codeready_builder
	bind9.18-devel-9.18.29-5.el9_7.2.x86_64.rpm	b1f8490ccdfe7258ab1d6b93e2141fbf1dea1c87f894ba9e9f275ac4e55c0b25	-	ol9_x86_64_codeready_builder
	bind9.18-dnssec-utils-9.18.29-5.el9_7.2.x86_64.rpm	dc45114687ea7699224736c672f3786c4adf046e22ee7e9d18230238b0461395	-	ol9_x86_64_appstream
	bind9.18-doc-9.18.29-5.el9_7.2.noarch.rpm	e8f1f7988f487f60b0888fdc828c6061ee11fb6dcc2649595ebdc65934b6303c	-	ol9_x86_64_codeready_builder
	bind9.18-libs-9.18.29-5.el9_7.2.i686.rpm	b4384adb5922151ddb46911c084de69a488d686d8dfef6c07cffa45461ef4e94	-	ol9_x86_64_codeready_builder
	bind9.18-libs-9.18.29-5.el9_7.2.x86_64.rpm	a6b3492168c64348e56e6d6ef54f5dfddaaeb55f31842c6f0419679b643bb6e0	-	ol9_x86_64_appstream
	bind9.18-utils-9.18.29-5.el9_7.2.x86_64.rpm	7c9a5e4fb47ddeb091ccc2ab1b0ba3af383140fb831e82a4c6728cbf713706e2	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team