Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <aXDlG898Su9X3Wbc@larwa.hq.kempniu.pl>
Date: Wed, 21 Jan 2026 15:39:23 +0100
From: Michał Kępień <michal@....org>
To: oss-security@...ts.openwall.com
Cc: security-officer@....org
Subject: ISC has disclosed one vulnerability in BIND 9 (CVE-2025-13878)

On 21 January 2026, Internet Systems Consortium disclosed one vulnerability affecting our BIND 9 software:

- CVE-2025-13878:       Malformed BRID/HHIT records can cause named to terminate unexpectedly https://kb.isc.org/docs/cve-2025-13878

New versions of BIND 9 are available:

- https://downloads.isc.org/isc/bind9/9.18.44/
- https://downloads.isc.org/isc/bind9/9.20.18/
- https://downloads.isc.org/isc/bind9/9.21.17/

Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of each above directory.

For more information and other release formats, consult the ISC software download page: https://www.isc.org/download/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.

-- 
Best regards,
Michał Kępień

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.