opensuse-su-2024:0319-1
Vulnerability from csaf_opensuse
Published
2024-09-27 14:01
Modified
2024-09-27 14:01
Summary
Security update for coredns
Notes
Title of the patch
Security update for coredns
Description of the patch
This update for coredns fixes the following issues:
Update to version 1.11.3:
* optimize the performance for high qps (#6767)
* bump deps
* Fix zone parser error handling (#6680)
* Add alternate option to forward plugin (#6681)
* fix: plugin/file: return error when parsing the file fails (#6699)
* [fix:documentation] Clarify autopath README (#6750)
* Fix outdated test (#6747)
* Bump go version from 1.21.8 to 1.21.11 (#6755)
* Generate zplugin.go correctly with third-party plugins (#6692)
* dnstap: uses pointer receiver for small response writer (#6644)
* chore: fix function name in comment (#6608)
* [plugin/forward] Strip local zone from IPV6 nameservers (#6635)
- fixes CVE-2023-30464
- fixes CVE-2023-28452
Update to upstream head (git commit #5a52707):
* bump deps to address security issue CVE-2024-22189
* Return RcodeServerFailure when DNS64 has no next plugin (#6590)
* add plusserver to adopters (#6565)
* Change the log flags to be a variable that can be set prior to calling Run (#6546)
* Enable Prometheus native histograms (#6524)
* forward: respect context (#6483)
* add client labels to k8s plugin metadata (#6475)
* fix broken link in webpage (#6488)
* Repo controlled Go version (#6526)
* removed the mutex locks with atomic bool (#6525)
Update to version 1.11.2:
* rewrite: fix multi request concurrency issue in cname rewrite (#6407)
* plugin/tls: respect the path specified by root plugin (#6138)
* plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)
* fix: make the codeowners link relative (#6397)
* plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)
* plugin/cache: key cache on Checking Disabled (CD) bit (#6354)
* Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395)
* Add PITS Global Data Recovery Services as an adopter (#6304)
* Handle UDP responses that overflow with TC bit with test case (#6277)
* plugin/rewrite: add rcode as a rewrite option (#6204)
- CVE-2024-0874: coredns: CD bit response is cached and served later
- Update to version 1.11.1:
* Revert “plugin/forward: Continue waiting after receiving malformed responses
* plugin/dnstap: add support for “extra” field in payload
* plugin/cache: fix keepttl parsing
- Update to version 1.11.0:
* Adds support for accepting DNS connections over QUIC (doq).
* Adds CNAME target rewrites to the rewrite plugin.
* Plus many bug fixes, and some security improvements.
* This release introduces the following backward incompatible changes:
+ In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta,
since all supported K8s versions now use Endpointslice.
+ The bufsize plugin changed its default size limit value to 1232
+ Some changes to forward plugin metrics.
- Update to version 1.10.1:
* Corrected architecture labels in multi-arch image manifest
* A new plugin timeouts that allows configuration of server listener timeout durations
* acl can drop queries as an action
* template supports creating responses with extended DNS errors
* New weighted policy in loadbalance
* Option to serve original record TTLs from cache
- Update to version 1.10.0:
* core: add log listeners for k8s_event plugin (#5451)
* core: log DoH HTTP server error logs in CoreDNS format (#5457)
* core: warn when domain names are not in RFC1035 preferred syntax (#5414)
* plugin/acl: add support for extended DNS errors (#5532)
* plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602)
* plugin/cache: add cache disable option (#5540)
* plugin/cache: add metadata for wildcard record responses (#5308)
* plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320)
* plugin/cache: correct responses to Authenticated Data requests (#5191)
* plugin/dnstap: add identity and version support for the dnstap plugin (#5555)
* plugin/file: add metadata for wildcard record responses (#5308)
* plugin/forward: enable multiple forward declarations (#5127)
* plugin/forward: health_check needs to normalize a specified domain name (#5543)
* plugin/forward: remove unused coredns_forward_sockets_open metric (#5431)
* plugin/header: add support for query modification (#5556)
* plugin/health: bypass proxy in self health check (#5401)
* plugin/health: don't go lameduck when reloading (#5472)
* plugin/k8s_external: add support for PTR requests (#5435)
* plugin/k8s_external: resolve headless services (#5505)
* plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461)
* plugin/ready: reset list of readiness plugins on startup (#5492)
* plugin/rewrite: add PTR records to supported types (#5565)
* plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459)
* plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462)
* plugin/rewrite: support min and max TTL values (#5508)
* plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460)
* plugin/trace: read trace context info from headers for DOH (#5439)
* plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957)
* core: update gopkg.in/yaml.v3 to fix CVE-2022-28948
* core: update golang.org/x/crypto to fix CVE-2022-27191
* plugin/acl: adding a check to parse out zone info
* plugin/dnstap: support FQDN TCP endpoint
* plugin/errors: add stacktrace option to log a stacktrace during panic recovery
* plugin/template: return SERVFAIL for zone-match regex-no-match case
Patchnames
openSUSE-2024-319
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for coredns",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for coredns fixes the following issues:\n\nUpdate to version 1.11.3:\n\n * optimize the performance for high qps (#6767)\n * bump deps\n * Fix zone parser error handling (#6680)\n * Add alternate option to forward plugin (#6681)\n * fix: plugin/file: return error when parsing the file fails (#6699)\n * [fix:documentation] Clarify autopath README (#6750)\n * Fix outdated test (#6747)\n * Bump go version from 1.21.8 to 1.21.11 (#6755)\n * Generate zplugin.go correctly with third-party plugins (#6692)\n * dnstap: uses pointer receiver for small response writer (#6644)\n * chore: fix function name in comment (#6608)\n * [plugin/forward] Strip local zone from IPV6 nameservers (#6635)\n- fixes CVE-2023-30464\n- fixes CVE-2023-28452\n\nUpdate to upstream head (git commit #5a52707):\n\n * bump deps to address security issue CVE-2024-22189\n * Return RcodeServerFailure when DNS64 has no next plugin (#6590)\n * add plusserver to adopters (#6565)\n * Change the log flags to be a variable that can be set prior to calling Run (#6546)\n * Enable Prometheus native histograms (#6524)\n * forward: respect context (#6483)\n * add client labels to k8s plugin metadata (#6475)\n * fix broken link in webpage (#6488)\n * Repo controlled Go version (#6526)\n * removed the mutex locks with atomic bool (#6525)\n\nUpdate to version 1.11.2:\n\n * rewrite: fix multi request concurrency issue in cname rewrite (#6407)\n * plugin/tls: respect the path specified by root plugin (#6138)\n * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)\n * fix: make the codeowners link relative (#6397)\n * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)\n * plugin/cache: key cache on Checking Disabled (CD) bit (#6354)\n * Use the correct root domain name in the proxy plugin\u0027s TestHealthX tests (#6395)\n * Add PITS Global Data Recovery Services as an adopter (#6304)\n * Handle UDP responses that overflow with TC bit with test case (#6277)\n * plugin/rewrite: add rcode as a rewrite option (#6204)\n\n- CVE-2024-0874: coredns: CD bit response is cached and served later\n\n- Update to version 1.11.1:\n\n * Revert \u201cplugin/forward: Continue waiting after receiving malformed responses\n * plugin/dnstap: add support for \u201cextra\u201d field in payload\n * plugin/cache: fix keepttl parsing\n\n- Update to version 1.11.0:\n\n * Adds support for accepting DNS connections over QUIC (doq).\n * Adds CNAME target rewrites to the rewrite plugin.\n * Plus many bug fixes, and some security improvements.\n * This release introduces the following backward incompatible changes:\n + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, \n since all supported K8s versions now use Endpointslice.\n + The bufsize plugin changed its default size limit value to 1232\n + Some changes to forward plugin metrics.\n\n- Update to version 1.10.1:\n\n * Corrected architecture labels in multi-arch image manifest\n * A new plugin timeouts that allows configuration of server listener timeout durations\n * acl can drop queries as an action\n * template supports creating responses with extended DNS errors\n * New weighted policy in loadbalance\n * Option to serve original record TTLs from cache\n\n- Update to version 1.10.0:\n\n\t* core: add log listeners for k8s_event plugin (#5451)\n\t* core: log DoH HTTP server error logs in CoreDNS format (#5457)\n\t* core: warn when domain names are not in RFC1035 preferred syntax (#5414)\n\t* plugin/acl: add support for extended DNS errors (#5532)\n\t* plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602)\n\t* plugin/cache: add cache disable option (#5540)\n\t* plugin/cache: add metadata for wildcard record responses (#5308)\n\t* plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320)\n\t* plugin/cache: correct responses to Authenticated Data requests (#5191)\n\t* plugin/dnstap: add identity and version support for the dnstap plugin (#5555)\n\t* plugin/file: add metadata for wildcard record responses (#5308)\n\t* plugin/forward: enable multiple forward declarations (#5127)\n\t* plugin/forward: health_check needs to normalize a specified domain name (#5543)\n\t* plugin/forward: remove unused coredns_forward_sockets_open metric (#5431)\n\t* plugin/header: add support for query modification (#5556)\n\t* plugin/health: bypass proxy in self health check (#5401)\n\t* plugin/health: don\u0027t go lameduck when reloading (#5472)\n\t* plugin/k8s_external: add support for PTR requests (#5435)\n\t* plugin/k8s_external: resolve headless services (#5505)\n\t* plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461)\n\t* plugin/ready: reset list of readiness plugins on startup (#5492)\n\t* plugin/rewrite: add PTR records to supported types (#5565)\n\t* plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459)\n\t* plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462)\n\t* plugin/rewrite: support min and max TTL values (#5508)\n\t* plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460)\n\t* plugin/trace: read trace context info from headers for DOH (#5439)\n\t* plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957)\n\t* core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 \n\t* core: update golang.org/x/crypto to fix CVE-2022-27191 \n\t* plugin/acl: adding a check to parse out zone info \n\t* plugin/dnstap: support FQDN TCP endpoint \n\t* plugin/errors: add stacktrace option to log a stacktrace during panic recovery \n\t* plugin/template: return SERVFAIL for zone-match regex-no-match case \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-319",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0319-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0319-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JLUFKCHWHJJ2MQ6XRREF7D4OOWB23V2/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0319-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JLUFKCHWHJJ2MQ6XRREF7D4OOWB23V2/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27191 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28948 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28452 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-30464 page",
"url": "https://www.suse.com/security/cve/CVE-2023-30464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0874 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22189 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22189/"
}
],
"title": "Security update for coredns",
"tracking": {
"current_release_date": "2024-09-27T14:01:32Z",
"generator": {
"date": "2024-09-27T14:01:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0319-1",
"initial_release_date": "2024-09-27T14:01:32Z",
"revision_history": [
{
"date": "2024-09-27T14:01:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.11.3-bp156.4.3.1.aarch64",
"product": {
"name": "coredns-1.11.3-bp156.4.3.1.aarch64",
"product_id": "coredns-1.11.3-bp156.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.11.3-bp156.4.3.1.i586",
"product": {
"name": "coredns-1.11.3-bp156.4.3.1.i586",
"product_id": "coredns-1.11.3-bp156.4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"product": {
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"product_id": "coredns-extras-1.11.3-bp156.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.11.3-bp156.4.3.1.x86_64",
"product": {
"name": "coredns-1.11.3-bp156.4.3.1.x86_64",
"product_id": "coredns-1.11.3-bp156.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP6",
"product": {
"name": "SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.i586 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
},
"product_reference": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.i586 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
},
"product_reference": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27191"
}
],
"notes": [
{
"category": "general",
"text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27191",
"url": "https://www.suse.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "SUSE Bug 1197284 for CVE-2022-27191",
"url": "https://bugzilla.suse.com/1197284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-28948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28948"
}
],
"notes": [
{
"category": "general",
"text": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28948",
"url": "https://www.suse.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "SUSE Bug 1199772 for CVE-2022-28948",
"url": "https://bugzilla.suse.com/1199772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2022-28948"
},
{
"cve": "CVE-2023-28452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28452"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28452",
"url": "https://www.suse.com/security/cve/CVE-2023-28452"
},
{
"category": "external",
"summary": "SUSE Bug 1230760 for CVE-2023-28452",
"url": "https://bugzilla.suse.com/1230760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2023-28452"
},
{
"cve": "CVE-2023-30464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-30464"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-30464",
"url": "https://www.suse.com/security/cve/CVE-2023-30464"
},
{
"category": "external",
"summary": "SUSE Bug 1230757 for CVE-2023-30464",
"url": "https://bugzilla.suse.com/1230757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2023-30464"
},
{
"cve": "CVE-2024-0874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0874"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0874",
"url": "https://www.suse.com/security/cve/CVE-2024-0874"
},
{
"category": "external",
"summary": "SUSE Bug 1219167 for CVE-2024-0874",
"url": "https://bugzilla.suse.com/1219167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-0874"
},
{
"cve": "CVE-2024-22189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22189"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer\u0027s RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22189",
"url": "https://www.suse.com/security/cve/CVE-2024-22189"
},
{
"category": "external",
"summary": "SUSE Bug 1222461 for CVE-2024-22189",
"url": "https://bugzilla.suse.com/1222461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2024-22189"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…