dnsdist-1.8.0~rc1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12731 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dnsdist-1.8.0~rc1-1.1 on GA media These are all security issues fixed in the dnsdist-1.8.0~rc1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12731 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12731 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-7069/ SUSE CVE CVE-2016-7069 page https://www.suse.com/security/cve/CVE-2018-14663/ SUSE CVE CVE-2018-14663 page openSUSE Tumbleweed dnsdist-1.8.0~rc1-1.1 dnsdist-1.8.0~rc1-1.1 as a component of openSUSE Tumbleweed An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash. CVE-2016-7069 openSUSE Tumbleweed:dnsdist-1.8.0~rc1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7069.html CVE-2016-7069 https://bugzilla.suse.com/1054799 SUSE Bug 1054799 An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend. CVE-2018-14663 openSUSE Tumbleweed:dnsdist-1.8.0~rc1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14663.html CVE-2018-14663 https://bugzilla.suse.com/1114511 SUSE Bug 1114511