[ASA-202505-14] bind: denial of service

推荐订阅源

LINUX DO - 热门话题

Stack Overflow Blog

Blog

WordPress大学

Project Zero

Palo Alto Networks Blog

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

小众软件

Microsoft Security Blog

Threat Intelligence Blog | Flashpoint

Fortinet All Blogs

Cisco Talos Blog

Google Developers Blog

Java Code Geeks

Google DeepMind News

人人都是产品经理

CTFtime.org: upcoming CTF events

Hackread – Cybersecurity News, Data Breaches, AI and More

Cybersecurity and Infrastructure Security Agency CISA

Securelist

Vulnerabilities – Threatpost

IT之家

cs.AI updates on arXiv.org

Security @ Cisco Blogs

Cyberwarzone

The Blog of Author Tim Ferriss

Arch Linux Security Advisories

[ASA-202506-6] python-django: content spoofing - Arch Linux [ASA-202506-5] konsole: arbitrary code execution [ASA-202506-4] go: multiple issues - Arch Linux [ASA-202506-3] samba: access restriction bypass [ASA-202506-2] curl: denial of service [ASA-202506-1] roundcubemail: arbitrary code execution [ASA-202505-15] ghostscript: information disclosure - Arch Linux [ASA-202505-13] varnish: content spoofing - Arch Linux [ASA-202505-12] go: directory traversal - Arch Linux [ASA-202505-11] freetype2: arbitrary code execution [ASA-202505-10] python-django: denial of service [ASA-202505-9] dropbear: arbitrary command execution [ASA-202505-8] nodejs-lts-iron: multiple issues - Arch Linux [ASA-202505-7] nodejs-lts-jod: denial of service

[ASA-202505-14] bind: denial of service

Arch Linux S · 2025-05-22 · via Arch Linux Security Advisories

ASA-202505-14 log generated external raw

[ASA-202505-14] bind: denial of service
Arch Linux Security Advisory ASA-202505-14 ========================================== Severity: High Date : 2025-05-21 CVE-ID : CVE-2025-40775 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2881 Summary ======= The package bind before version 9.20.9-1 is vulnerable to denial of service. Resolution ========== Upgrade to 9.20.9-1. # pacman -Syu "bind>=9.20.9-1" The problem has been fixed upstream in version 9.20.9. Workaround ========== None. Description =========== When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. Impact ====== A remote attacker can send a specially crafted DNS request leading to a denial of service. References ========== https://kb.isc.org/docs/cve-2025-40775 https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html#security-fixes https://security.archlinux.org/CVE-2025-40775

[ASA-202505-14] bind: denial of service

Arch Linux Security Advisory ASA-202505-14 ========================================== Severity: High Date : 2025-05-21 CVE-ID : CVE-2025-40775 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2881 Summary ======= The package bind before version 9.20.9-1 is vulnerable to denial of service. Resolution ========== Upgrade to 9.20.9-1. # pacman -Syu "bind>=9.20.9-1" The problem has been fixed upstream in version 9.20.9. Workaround ========== None. Description =========== When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. Impact ====== A remote attacker can send a specially crafted DNS request leading to a denial of service. References ========== https://kb.isc.org/docs/cve-2025-40775 https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html#security-fixes https://security.archlinux.org/CVE-2025-40775

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。