The Internet Systems Consortium (ISC) has announced the release of new versions of BIND 9: specifically, versions 9.18.44, 9.20.18, and 9.21.17. These updates aim to address a critical security vulnerability identified as CVE-2025-13878, which poses a significant risk by allowing attackers to remotely crash the named service when it encounters malformed or malicious DNS requests. This issue affects both authoritative name servers and resolver systems, making it crucial for anyone managing BIND 9 installations to apply these patches promptly.
The vulnerability has been assigned a CVSS score of 7.5, indicating a potentially severe impact if exploited. Given that attackers can trigger this flaw without needing physical access to the servers, the urgency for updating is heightened, especially for systems exposed to the internet or handling internal requests.
The affected versions span various releases, including older stable versions from 9.18 up to 43, newer ones from 9.20 starting at 13 to 17, and preview editions from 9.21.12 to 9.21.16. ISC recommends that all users prioritize the installation of these updates to safeguard their DNS services.
Users can download the latest versions from ISC's dedicated directories:
- BIND 9.18.44: [Download Link](https://downloads.isc.org/isc/bind9/9.18.44/)
- BIND 9.20.18: [Download Link](https://downloads.isc.org/isc/bind9/9.20.18/)
- BIND 9.21.17: [Download Link](https://downloads.isc.org/isc/bind9/9.21.17/)
Each download package includes a comprehensive source tarball and cryptographic signatures for integrity verification. Release notes detailing the changes and fixes in these updates are also provided.
In summary, these releases emphasize the importance of maintaining updated software to protect against serious vulnerabilities that can compromise system security. Users are encouraged to stay informed about future updates and best practices for managing BIND installations to ensure robust DNS service performance and security
The vulnerability has been assigned a CVSS score of 7.5, indicating a potentially severe impact if exploited. Given that attackers can trigger this flaw without needing physical access to the servers, the urgency for updating is heightened, especially for systems exposed to the internet or handling internal requests.
The affected versions span various releases, including older stable versions from 9.18 up to 43, newer ones from 9.20 starting at 13 to 17, and preview editions from 9.21.12 to 9.21.16. ISC recommends that all users prioritize the installation of these updates to safeguard their DNS services.
Users can download the latest versions from ISC's dedicated directories:
- BIND 9.18.44: [Download Link](https://downloads.isc.org/isc/bind9/9.18.44/)
- BIND 9.20.18: [Download Link](https://downloads.isc.org/isc/bind9/9.20.18/)
- BIND 9.21.17: [Download Link](https://downloads.isc.org/isc/bind9/9.21.17/)
Each download package includes a comprehensive source tarball and cryptographic signatures for integrity verification. Release notes detailing the changes and fixes in these updates are also provided.
In summary, these releases emphasize the importance of maintaining updated software to protect against serious vulnerabilities that can compromise system security. Users are encouraged to stay informed about future updates and best practices for managing BIND installations to ensure robust DNS service performance and security
BIND 9 9.18.44, 9.20.18, and 9.21.17 released
BIND 9.18.44, 9.20.18, and 9.21.17 have been released by the Internet Systems Consortium (ISC) to address a serious security vulnerability in their Domain Name System software. This flaw, identified as CVE-2025-13878, allows attackers to remotely trigger a crash in the named service if it receives malformed or malicious requests. The affected versions span several release cycles, and ISC advises prioritizing system security by patching these vulnerabilities as soon as possible. You can download the latest versions directly from ISC's dedicated download directories, including full source tarballs and cryptographic signatures for verification.
BIND 9 9.18.44, 9.20.18, and 9.21.17 released @ Linux Compatible
