
11950 matches found

Rockylinux
added 2025/11/07 9:0 a.m. | 4 views

bind security update

An update is available for bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name...

CVSS 8.6 | AI score 6.8 | EPSS 0.00509
Exploits: 1

RedhatCVE
added 2025/11/07 12:19 a.m. | 12 views

CVE-2025-62161

Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...

CVSS 10 | AI score 6.8 | EPSS 0.00216
Exploits: 0 | References: 1

Tenable Nessus
added 2025/11/07 12:0 a.m. | 5 views

Oracle Linux 10 : bind (ELSA-2025-19912)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19912 advisory.
- Fix upstream reported regression in recent CVE fix (CVE-2025-8677)
- Refuse malformed DNSKEY records (CVE-2025-8677)
- Address various spoofing attacks...

CVSS 8.6 | AI score 6.6 | EPSS 0.1096
Exploits: 1 | References: 4

Tenable Nessus
added 2025/11/07 12:0 a.m. | 1 view

SUSE SLES12 Security Update : bind (SUSE-SU-2025:3976-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3976-1 advisory. - CVE-2025-40778: Address various spoofing attacks (bsc1252379). Tenable has extracted the preceding description block directly from the SUSE security...

CVSS 8.6 | AI score 6.5 | EPSS 0.00509
Exploits: 1 | References: 4

Tenable Nessus
added 2025/11/07 12:0 a.m. | 3 views

RHEL 10 : bind (RHSA-2025:19912)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19912 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named...

CVSS 8.6 | AI score 6.6 | EPSS 0.1096
Exploits: 1 | References: 8

Tenable Nessus
added 2025/11/07 12:0 a.m. | 5 views

AlmaLinux 8 : bind9.16 (ALSA-2025:19793)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19793 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778); bind: Cache poisoning due to weak PRNG (CVE-2025-40780). Tenable has extracted the precedi...

CVSS 8.6 | AI score 6.7 | EPSS 0.00509
Exploits: 1 | References: 4

Tenable Nessus
added 2025/11/07 12:0 a.m. | 8 views

AlmaLinux 8 : bind (ALSA-2025:19835)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19835 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778). Tenable has extracted the preceding description block directly from the AlmaLinux security...

CVSS 8.6 | AI score 6.5 | EPSS 0.00509
Exploits: 1 | References: 3

Tenable Nessus
added 2025/11/07 12:0 a.m. | 10 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-1255)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1255 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 throug...

CVSS 8.6 | AI score 6.5 | EPSS 0.1096
Exploits: 1 | References: 8

Tenable Nessus
added 2025/11/07 12:0 a.m. | 4 views

RockyLinux 8 : bind (RLSA-2025:19835)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:19835 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778). Tenable has extracted the preceding description block directly from the RockyLinux security...

CVSS 8.6 | AI score 6.5 | EPSS 0.00509
Exploits: 1 | References: 3

OSV
added 2025/11/06 8:15 p.m. | 4 views

AZL-70513 CVE-2025-52565 affecting package buildah 1.18.0-29

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.7 | EPSS 0.00526
Exploits: 1 | References: 1

OSV
added 2025/11/06 8:15 p.m. | 1 view

AZL-69821 CVE-2025-52565 affecting package moby-runc for versions less than 1.2.8-1

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.9 | EPSS 0.00526
Exploits: 1 | References: 1

NVD
added 2025/11/06 8:15 p.m. | 8 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | EPSS 0.00526
Exploits: 1 | References: 9

OSV
added 2025/11/06 8:15 p.m. | 3 views

AZL-70589 CVE-2025-52565 affecting package kubernetes for versions less than 1.30.10-16

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.9 | EPSS 0.00526
Exploits: 1 | References: 1

Cvelist
added 2025/11/06 8:2 p.m. | 5 views

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | EPSS 0.00526
Exploits: 1 | References: 9

CVE
added 2025/11/06 8:2 p.m. | 56 views

CVE-2025-52565

CVE-2025-52565 affects moby-runc (and thus the runc runtime) with versions less than 1.2.8-1. Affected component is the bind-mount of /dev/pts/$n to /dev/console, leading to container escapes or denial of service via writable gadget exposure. The connected MARINER advisories confirm an upgraded p...

CVSS 8.4 | AI score 6.3 | EPSS 0.00526
Exploits: 1 | References: 9 | Affected Software: 1

Vulnrichment
added 2025/11/06 8:2 p.m. | 1 view

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.3 | EPSS 0.00526
Exploits: 1 | References: 9

Debian CVE
added 2025/11/06 8:2 p.m. | 4 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.5 | EPSS 0.00526
Exploits: 1

OSV
added 2025/11/06 8:2 p.m. | 3 views

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.7 | EPSS 0.00526
Exploits: 1 | References: 11

AlpineLinux
added 2025/11/06 8:2 p.m. | 3 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

CVSS 8.4 | AI score 6.2 | EPSS 0.00526
Exploits: 1

NVD
added 2025/11/06 7:15 p.m. | 4 views

CVE-2025-31133

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was...

CVSS 7.8 | EPSS 0.00673
Exploits: 2 | References: 5