On 21 January 2026, Internet Systems Consortium disclosed one vulnerability affecting our BIND 9 software:
- CVE-2025-13878: Malformed BRID/HHIT records can cause named to terminate unexpectedly https://kb.isc.org/docs/cve-2025-13878 New versions of BIND 9 are available: - https://downloads.isc.org/isc/bind9/9.18.44/ - https://downloads.isc.org/isc/bind9/9.20.18/ - https://downloads.isc.org/isc/bind9/9.21.17/ Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of each above directory. For more information and other release formats, consult the ISC software download page: https://www.isc.org/download/ With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released. -- Best regards, Michał Kępień
