Fedora 43 Update: bind9-next-9.21.14-2.fc43
Fedora 41 Update: luksmeta-10-1.fc41
Fedora 42 Update: bind9-next-9.21.14-2.fc42
Fedora 42 Update: luksmeta-10-1.fc42
[SECURITY] Fedora 43 Update: bind9-next-9.21.14-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b68f7f541d
2025-11-16 01:19:34.137357+00:00
--------------------------------------------------------------------------------
Name : bind9-next
Product : Fedora 43
Version : 9.21.14
Release : 2.fc43
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.21.14 (rhbz#2394406)
Security Fixes:
DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677)
Address various spoofing attacks. (CVE-2025-40778)
Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)
New Features:
Add dnssec-policy keys configuration check to named-checkconf.
Add support for synthetic records.
Support for zone-specific plugins.
Support for additional tokens in the zone file name template.
Removed Features:
Remove randomized RRset ordering.
and bug fixes
https://downloads.isc.org/isc/bind9/9.21.14/doc/arm/html/notes.html#notes-for-
bind-9-21-14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.14-2
- Prevent SERVFAIL on dual signed zones with one unsupported signature
(rhbz#2413104)
* Thu Nov 6 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.14-1
- Update to 9.21.14 (rhbz#2394406)
* Tue Oct 7 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.12-4
- Update a bit sample named.conf
* Thu Sep 11 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.12-3
- Meson libs include version in upstream already
* Wed Sep 10 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.12-1
- Update to 9.21.12 (rhbz#2394406)
* Wed Sep 10 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.11-6
- Return back fortify=3 source
* Tue Sep 9 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.11-5
- Remove separate license subpackage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2394406 - bind9-next-9.21.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2394406
[ 2 ] Bug #2396295 - named-chroot fails to start: isc_dir_chroot: not implemented
https://bugzilla.redhat.com/show_bug.cgi?id=2396295
[ 3 ] Bug #2406399 - CVE-2025-40778 [Severity: High] bind9: Cache poisoning attacks with unsolicited RRs
https://bugzilla.redhat.com/show_bug.cgi?id=2406399
[ 4 ] Bug #2413104 - Regression with disabled algorithms after CVE-2025-8677 fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2413104
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b68f7f541d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: luksmeta-10-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-78747a63cd
2025-11-16 01:16:14.743231+00:00
--------------------------------------------------------------------------------
Name : luksmeta
Product : Fedora 41
Version : 10
Release : 1.fc41
URL : https://github.com/latchset/luksmeta
Summary : Utility for storing small metadata in the LUKSv1 header
Description :
LUKSMeta is a command line utility for storing small portions of metadata in
the LUKSv1 header for use before unlocking the volume.
--------------------------------------------------------------------------------
Update Information:
New upstream release v10
Fix: CVE-2025-11568
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2025 Sergio Correia [scorreia@redhat.com] - 10-1
- New upstream release v10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2404246 - CVE-2025-11568 luksmeta: Data corruption when handling LUKS1 partitions with luksmeta [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2404246
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-78747a63cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: bind9-next-9.21.14-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d9f9394ecd
2025-11-16 00:54:19.352420+00:00
--------------------------------------------------------------------------------
Name : bind9-next
Product : Fedora 42
Version : 9.21.14
Release : 2.fc42
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.21.14 (rhbz#2394406)
Security Fixes:
DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677)
Address various spoofing attacks. (CVE-2025-40778)
Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)
New Features:
Add dnssec-policy keys configuration check to named-checkconf.
Add support for synthetic records.
Support for zone-specific plugins.
Support for additional tokens in the zone file name template.
Removed Features:
Remove randomized RRset ordering.
and bug fixes
https://downloads.isc.org/isc/bind9/9.21.14/doc/arm/html/notes.html#notes-for-
bind-9-21-14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.14-2
- Prevent SERVFAIL on dual signed zones with one unsupported signature
(rhbz#2413104)
* Thu Nov 6 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.14-1
- Update to 9.21.14 (rhbz#2394406)
* Thu Nov 6 2025 Petr Men????k [pemensik@redhat.com] - 32:9.21.11-6
- Meson libs include version in upstream already
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2394406 - bind9-next-9.21.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2394406
[ 2 ] Bug #2396295 - named-chroot fails to start: isc_dir_chroot: not implemented
https://bugzilla.redhat.com/show_bug.cgi?id=2396295
[ 3 ] Bug #2406399 - CVE-2025-40778 [Severity: High] bind9: Cache poisoning attacks with unsolicited RRs
https://bugzilla.redhat.com/show_bug.cgi?id=2406399
[ 4 ] Bug #2413104 - Regression with disabled algorithms after CVE-2025-8677 fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2413104
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d9f9394ecd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: luksmeta-10-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-457000540a
2025-11-16 00:54:19.352364+00:00
--------------------------------------------------------------------------------
Name : luksmeta
Product : Fedora 42
Version : 10
Release : 1.fc42
URL : https://github.com/latchset/luksmeta
Summary : Utility for storing small metadata in the LUKSv1 header
Description :
LUKSMeta is a command line utility for storing small portions of metadata in
the LUKSv1 header for use before unlocking the volume.
--------------------------------------------------------------------------------
Update Information:
New upstream release v10
Fix: CVE-2025-11568
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2025 Sergio Correia [scorreia@redhat.com] - 10-1
- New upstream release v10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2404247 - CVE-2025-11568 luksmeta: Data corruption when handling LUKS1 partitions with luksmeta [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404247
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-457000540a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
