openSUSE-SU-2024:0319-1

See a problem?
Source
https://www.suse.com/support/update/announcement/2024/opensuse-su-20240319-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0319-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0319-1
Related
Published
2024-09-27T14:01:32Z
Modified
2024-09-27T14:01:32Z
Summary
Security update for coredns
Details

This update for coredns fixes the following issues:

Update to version 1.11.3:

  • optimize the performance for high qps (#6767)
  • bump deps
  • Fix zone parser error handling (#6680)
  • Add alternate option to forward plugin (#6681)
  • fix: plugin/file: return error when parsing the file fails (#6699)
  • [fix:documentation] Clarify autopath README (#6750)
  • Fix outdated test (#6747)
  • Bump go version from 1.21.8 to 1.21.11 (#6755)
  • Generate zplugin.go correctly with third-party plugins (#6692)
  • dnstap: uses pointer receiver for small response writer (#6644)
  • chore: fix function name in comment (#6608)
  • [plugin/forward] Strip local zone from IPV6 nameservers (#6635)
    • fixes CVE-2023-30464
    • fixes CVE-2023-28452

Update to upstream head (git commit #5a52707):

  • bump deps to address security issue CVE-2024-22189
  • Return RcodeServerFailure when DNS64 has no next plugin (#6590)
  • add plusserver to adopters (#6565)
  • Change the log flags to be a variable that can be set prior to calling Run (#6546)
  • Enable Prometheus native histograms (#6524)
  • forward: respect context (#6483)
  • add client labels to k8s plugin metadata (#6475)
  • fix broken link in webpage (#6488)
  • Repo controlled Go version (#6526)
  • removed the mutex locks with atomic bool (#6525)

Update to version 1.11.2:

  • rewrite: fix multi request concurrency issue in cname rewrite (#6407)
  • plugin/tls: respect the path specified by root plugin (#6138)
  • plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)
  • fix: make the codeowners link relative (#6397)
  • plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)
  • plugin/cache: key cache on Checking Disabled (CD) bit (#6354)
  • Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395)
  • Add PITS Global Data Recovery Services as an adopter (#6304)
  • Handle UDP responses that overflow with TC bit with test case (#6277)
  • plugin/rewrite: add rcode as a rewrite option (#6204)

    • CVE-2024-0874: coredns: CD bit response is cached and served later

    • Update to version 1.11.1:

  • Revert “plugin/forward: Continue waiting after receiving malformed responses

  • plugin/dnstap: add support for “extra” field in payload
  • plugin/cache: fix keepttl parsing

    • Update to version 1.11.0:
  • Adds support for accepting DNS connections over QUIC (doq).

  • Adds CNAME target rewrites to the rewrite plugin.
  • Plus many bug fixes, and some security improvements.
  • This release introduces the following backward incompatible changes:

    • In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, since all supported K8s versions now use Endpointslice.
    • The bufsize plugin changed its default size limit value to 1232
    • Some changes to forward plugin metrics.

    • Update to version 1.10.1:

  • Corrected architecture labels in multi-arch image manifest

  • A new plugin timeouts that allows configuration of server listener timeout durations
  • acl can drop queries as an action
  • template supports creating responses with extended DNS errors
  • New weighted policy in loadbalance
  • Option to serve original record TTLs from cache

    • Update to version 1.10.0:

    • core: add log listeners for k8s_event plugin (#5451)

    • core: log DoH HTTP server error logs in CoreDNS format (#5457)
    • core: warn when domain names are not in RFC1035 preferred syntax (#5414)
    • plugin/acl: add support for extended DNS errors (#5532)
    • plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602)
    • plugin/cache: add cache disable option (#5540)
    • plugin/cache: add metadata for wildcard record responses (#5308)
    • plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320)
    • plugin/cache: correct responses to Authenticated Data requests (#5191)
    • plugin/dnstap: add identity and version support for the dnstap plugin (#5555)
    • plugin/file: add metadata for wildcard record responses (#5308)
    • plugin/forward: enable multiple forward declarations (#5127)
    • plugin/forward: health_check needs to normalize a specified domain name (#5543)
    • plugin/forward: remove unused corednsforwardsockets_open metric (#5431)
    • plugin/header: add support for query modification (#5556)
    • plugin/health: bypass proxy in self health check (#5401)
    • plugin/health: don't go lameduck when reloading (#5472)
    • plugin/k8s_external: add support for PTR requests (#5435)
    • plugin/k8s_external: resolve headless services (#5505)
    • plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461)
    • plugin/ready: reset list of readiness plugins on startup (#5492)
    • plugin/rewrite: add PTR records to supported types (#5565)
    • plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459)
    • plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462)
    • plugin/rewrite: support min and max TTL values (#5508)
    • plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460)
    • plugin/trace: read trace context info from headers for DOH (#5439)
    • plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957)
    • core: update gopkg.in/yaml.v3 to fix CVE-2022-28948
    • core: update golang.org/x/crypto to fix CVE-2022-27191
    • plugin/acl: adding a check to parse out zone info
    • plugin/dnstap: support FQDN TCP endpoint
    • plugin/errors: add stacktrace option to log a stacktrace during panic recovery
    • plugin/template: return SERVFAIL for zone-match regex-no-match case
References

Affected packages

SUSE:Package Hub 15 SP6 / coredns

Package

Name
coredns
Purl
purl:rpm/suse/coredns&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.11.3-bp156.4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "coredns-extras": "1.11.3-bp156.4.3.1",
            "coredns": "1.11.3-bp156.4.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / coredns

Package

Name
coredns
Purl
purl:rpm/suse/coredns&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.11.3-bp156.4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "coredns-extras": "1.11.3-bp156.4.3.1",
            "coredns": "1.11.3-bp156.4.3.1"
        }
    ]
}