Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <4e37271c-6fd1-4717-9220-55fc583958fe@isc.org>
Date: Wed, 16 Jul 2025 12:25:29 -0500
From: "Everett B. Fulton" <ebf@....org>
To: oss-security@...ts.openwall.com
Cc: security-officer@....org
Subject: ISC has disclosed one vulnerability in BIND 9 (CVE-2025-40777)

On 16 July 2025 we (Internet Systems Consortium) disclosed one 
vulnerability affecting our BIND 9 software:

- CVE-2025-40777:       A possible assertion failure when 
'stale-answer-client-timeout' is set to '0' 
https://kb.isc.org/docs/cve-2025-40777

New versions of BIND 9 are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches 
selectively can find individual vulnerability-specific patches in the 
"patches" subdirectory of each published release directory:

- https://downloads.isc.org/isc/bind9/9.20.11/patches/
- https://downloads.isc.org/isc/bind9/9.21.10/patches/

With the public announcement of these vulnerabilities, the embargo 
period is ended and any updated software packages that have been 
prepared may be released.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.