SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2760

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2760

Security update for dnsdist

Type: security

Severity: moderate

Issued: 2023-07-03

Description:

This update for dnsdist fixes the following issues:


- update to 1.8.0
  - Implements dnsdist in SLE15 (jsc#PED-3402)
  - Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511)

- update to 1.2.0 (bsc#1054799, bsc#1054802)
  This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a
  denial of service on 32-bit if a backend sends crafted answers,
  and the second to an alteration of dnsdist’s ACL if the API is
  enabled, writable and an authenticated user is tricked into
  visiting a crafted website.

References

CVE: CVE-2018-14663
CVE: CVE-2017-7557
CVE: CVE-2016-7069
Bugzilla: 1114511 VUL-0: CVE-2018-14663: dnsdist: 2018-08: Record smuggling when adding ECS or XPF
Bugzilla: 1054802 VUL-0: CVE-2017-7557: dnsdist: Alteration of ACLs via API authentication bypass
Bugzilla: 1054799 VUL-0: CVE-2016-7069: dnsdist: Crafted backend responses can cause a denial of service

Packages

luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1