{"affected":[{"ecosystem_specific":{"binaries":[{"coredns":"1.11.3-bp156.4.3.1","coredns-extras":"1.11.3-bp156.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"coredns","purl":"pkg:rpm/suse/coredns&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.11.3-bp156.4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"coredns":"1.11.3-bp156.4.3.1","coredns-extras":"1.11.3-bp156.4.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"coredns","purl":"pkg:rpm/opensuse/coredns&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.11.3-bp156.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for coredns fixes the following issues:\n\nUpdate to version 1.11.3:\n\n  * optimize the performance for high qps (#6767)\n  * bump deps\n  * Fix zone parser error handling (#6680)\n  * Add alternate option to forward plugin (#6681)\n  * fix: plugin/file: return error when parsing the file fails (#6699)\n  * [fix:documentation] Clarify autopath README (#6750)\n  * Fix outdated test (#6747)\n  * Bump go version from 1.21.8 to 1.21.11 (#6755)\n  * Generate zplugin.go correctly with third-party plugins (#6692)\n  * dnstap: uses pointer receiver for small response writer (#6644)\n  * chore: fix function name in comment (#6608)\n  * [plugin/forward] Strip local zone from IPV6 nameservers (#6635)\n- fixes CVE-2023-30464\n- fixes CVE-2023-28452\n\nUpdate to upstream head (git commit #5a52707):\n\n  * bump deps to address security issue CVE-2024-22189\n  * Return RcodeServerFailure when DNS64 has no next plugin (#6590)\n  * add plusserver to adopters (#6565)\n  * Change the log flags to be a variable that can be set prior to calling Run (#6546)\n  * Enable Prometheus native histograms (#6524)\n  * forward: respect context (#6483)\n  * add client labels to k8s plugin metadata (#6475)\n  * fix broken link in webpage (#6488)\n  * Repo controlled Go version (#6526)\n  * 
removed the mutex locks with atomic bool (#6525)\n\nUpdate to version 1.11.2:\n\n  * rewrite: fix multi request concurrency issue in cname rewrite  (#6407)\n  * plugin/tls: respect the path specified by root plugin (#6138)\n  * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)\n  * fix: make the codeowners link relative (#6397)\n  * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)\n  * plugin/cache: key cache on Checking Disabled (CD) bit (#6354)\n  * Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395)\n  * Add PITS Global Data Recovery Services as an adopter (#6304)\n  * Handle UDP responses that overflow with TC bit with test case (#6277)\n  * plugin/rewrite: add rcode as a rewrite option (#6204)\n\n- CVE-2024-0874: coredns: CD bit response is cached and served later\n\n- Update to version 1.11.1:\n\n  * Revert “plugin/forward: Continue waiting after receiving malformed responses\n  * plugin/dnstap: add support for “extra” field in payload\n  * plugin/cache: fix keepttl parsing\n\n- Update to version 1.11.0:\n\n  * Adds support for accepting DNS connections over QUIC (doq).\n  * Adds CNAME target rewrites to the rewrite plugin.\n  * Plus many bug fixes, and some security improvements.\n  * This release introduces the following backward incompatible changes:\n   + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, \n     since all supported K8s versions now use Endpointslice.\n   + The bufsize plugin changed its default size limit value to 1232\n   + Some changes to forward plugin metrics.\n\n- Update to version 1.10.1:\n\n  * Corrected architecture labels in multi-arch image manifest\n  * A new plugin timeouts that allows configuration of server listener timeout durations\n  * acl can drop queries as an action\n  * template supports creating responses with extended DNS errors\n  * New weighted policy in loadbalance\n  * Option to 
serve original record TTLs from cache\n\n- Update to version 1.10.0:\n\n\t* core: add log listeners for k8s_event plugin (#5451)\n\t* core: log DoH HTTP server error logs in CoreDNS format (#5457)\n\t* core: warn when domain names are not in RFC1035 preferred syntax (#5414)\n\t* plugin/acl: add support for extended DNS errors (#5532)\n\t* plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602)\n\t* plugin/cache: add cache disable option (#5540)\n\t* plugin/cache: add metadata for wildcard record responses (#5308)\n\t* plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320)\n\t* plugin/cache: correct responses to Authenticated Data requests (#5191)\n\t* plugin/dnstap: add identity and version support for the dnstap plugin (#5555)\n\t* plugin/file: add metadata for wildcard record responses (#5308)\n\t* plugin/forward: enable multiple forward declarations (#5127)\n\t* plugin/forward: health_check needs to normalize a specified domain name (#5543)\n\t* plugin/forward: remove unused coredns_forward_sockets_open metric (#5431)\n\t* plugin/header: add support for query modification (#5556)\n\t* plugin/health: bypass proxy in self health check (#5401)\n\t* plugin/health: don't go lameduck when reloading (#5472)\n\t* plugin/k8s_external: add support for PTR requests (#5435)\n\t* plugin/k8s_external: resolve headless services (#5505)\n\t* plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461)\n\t* plugin/ready: reset list of readiness plugins on startup (#5492)\n\t* plugin/rewrite: add PTR records to supported types (#5565)\n\t* plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459)\n\t* plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462)\n\t* plugin/rewrite: support min and max TTL values (#5508)\n\t* plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460)\n\t* plugin/trace: read trace context info from headers for DOH (#5439)\n\t* 
plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957)\n\t* core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 \n\t* core: update golang.org/x/crypto to fix CVE-2022-27191 \n\t* plugin/acl: adding a check to parse out zone info \n\t* plugin/dnstap: support FQDN TCP endpoint \n\t* plugin/errors: add stacktrace option to log a stacktrace during panic recovery \n\t* plugin/template: return SERVFAIL for zone-match regex-no-match case \n","id":"openSUSE-SU-2024:0319-1","modified":"2024-09-27T14:01:32Z","published":"2024-09-27T14:01:32Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JLUFKCHWHJJ2MQ6XRREF7D4OOWB23V2/"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-27191"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-28948"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28452"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-30464"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0874"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-22189"}],"related":["CVE-2022-27191","CVE-2022-28948","CVE-2023-28452","CVE-2023-30464","CVE-2024-0874","CVE-2024-22189"],"summary":"Security update for coredns","upstream":["CVE-2022-27191","CVE-2022-28948","CVE-2023-28452","CVE-2023-30464","CVE-2024-0874","CVE-2024-22189"]}