[manjaro-security] [ASA-202505-14] bind: denial of service

Andrea Denisse denisse at archlinux.org
Wed May 28 01:41:33 CEST 2025


Arch Linux Security Advisory ASA-202505-14
==========================================

Severity: High
Date    : 2025-05-21
CVE-ID  : CVE-2025-40775
Package : bind
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2881

Summary
=======

The package bind before version 9.20.9-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 9.20.9-1.

# pacman -Syu "bind>=9.20.9-1"

The problem has been fixed upstream in version 9.20.9.

Workaround
==========

None.

Description
===========

When an incoming DNS protocol message includes a Transaction Signature
(TSIG), BIND always checks it. If the TSIG contains an invalid value in
the algorithm field, BIND immediately aborts with an assertion failure.

Impact
======

A remote attacker can send a specially crafted DNS request leading to a
denial of service.

References
==========

https://kb.isc.org/docs/cve-2025-40775
https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html#security-fixes
https://security.archlinux.org/CVE-2025-40775
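
To confirm that the Resolution step took effect on a host, the following added example (not part of the advisory or of the bind package) compares the installed package version with the fixed version 9.20.9-1 and reports a named process that is still running the replaced binary. The function names are hypothetical, and the awk fallback assumes purely numeric version fields with no epoch.

```shell
# Added example: post-upgrade check for ASA-202505-14 (bind before 9.20.9-1).
FIXED="9.20.9-1"   # fixed package version, taken from the advisory

# Return 0 if version $1 is older than version $2.
# Prefers pacman's own vercmp; the awk fallback compares numeric fields
# split on "." and "-" (assumption: no epoch, no alphabetic suffixes).
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        awk -v a="$1" -v b="$2" 'BEGIN {
            n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
            for (i = 1; i <= (n > m ? n : m); i++) {
                if (x[i] + 0 < y[i] + 0) exit 0
                if (x[i] + 0 > y[i] + 0) exit 1
            }
            exit 1   # equal versions are not "older"
        }'
    fi
}

# Print "vulnerable" or "fixed" for a package version string.
bind_status() {
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# Return 0 if a running named maps a binary that was replaced on disk,
# meaning the package was upgraded but the service was not restarted.
named_stale() {
    for named_pid in $(pgrep -x named 2>/dev/null); do
        case "$(readlink "/proc/$named_pid/exe" 2>/dev/null)" in
            *" (deleted)") return 0 ;;
        esac
    done
    return 1
}

# Check the local host: installed package version, then the running daemon.
check_host() {
    installed=$(pacman -Q bind 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then echo "bind: not installed"; return 0; fi
    echo "bind $installed: $(bind_status "$installed")"
    if named_stale; then echo "named runs a replaced binary: restart it"; fi
}

check_host
```

A "fixed" package with a stale named process still leaves the old code answering queries until the service is restarted.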

