SUSE Package Hub - openSUSE-2026-80

Update Info

openSUSE-2026-80

Security update for coredns

Type: security

Severity: important

Issued: 2026-03-11

Description:

This update for coredns fixes the following issues:

Update to version 1.14.2:

- CVE-2026-26017: Fixed DNS access control bypass due to default execution 
  order of plugins and TOCTOU flaw (bsc#1259320).
- CVE-2026-26018: Fixed denial of service in the loop detection plugin due to 
  predictable PRNG combined with fatal error handler (bsc#1259319).
- CVE-2025-68156: Fixed uncontrolled recursion in expression evaluation can 
  cause a denial of service (bsc#1255345).

References

CVE: CVE-2026-26018
CVE: CVE-2026-26017
CVE: CVE-2025-68156
Bugzilla: 1259320 VUL-0: CVE-2026-26017: coredns: DNS access control bypass due to default execution order of plugins and TOCTOU flaw
Bugzilla: 1259319 VUL-0: CVE-2026-26018: coredns: denial of service in the loop detection plugin due to predictable PRNG combined with fatal error handler
Bugzilla: 1255345 VUL-0: CVE-2025-68156: coredns: github.com/expr-lang/expr/builtin: uncontrolled recursion in expression evaluation can cause a denial of service

Packages

coredns-1.14.2-bp157.2.13.1