OESA-2025-1138

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1138

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1138.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1138

Upstream

CVE-2023-29483

Published

2025-02-21T13:35:28Z

Modified

2025-08-12T05:38:44.157678Z

Summary

python-dns security update

Details

Security Fix(es):

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.(CVE-2023-29483)

Database specific

{
    "severity": "Low"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / python-dns

Package

Name: python-dns
Purl: pkg:rpm/openEuler/python-dns&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.1-3.oe2203sp3

Ecosystem specific

{
    "src": [
        "python-dns-2.2.1-3.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "python-dns-help-2.2.1-3.oe2203sp3.noarch.rpm",
        "python3-dns-2.2.1-3.oe2203sp3.noarch.rpm"
    ]
}