OESA-2026-2720

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2720
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2720.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2720
Upstream
Published
2026-06-24T13:11:51Z
Modified
2026-06-24T13:30:08.013969940Z
Summary
coredns security update
Details

CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins.

Security Fix(es):

CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The TTL() function in plugin/etcd/etcd.go incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.(CVE-2025-58063)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / coredns

Package

Name
coredns
Purl
pkg:rpm/openEuler/coredns&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-1.2.oe2003sp4

Ecosystem specific

{
    "x86_64": [
        "coredns-1.7.0-1.2.oe2003sp4.x86_64.rpm",
        "coredns-help-1.7.0-1.2.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "coredns-1.7.0-1.2.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "coredns-1.7.0-1.2.oe2003sp4.aarch64.rpm",
        "coredns-help-1.7.0-1.2.oe2003sp4.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2720.json"

openEuler:22.03-LTS-SP4 / coredns

Package

Name
coredns
Purl
pkg:rpm/openEuler/coredns&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-1.4.oe2203sp4

Ecosystem specific

{
    "x86_64": [
        "coredns-1.7.0-1.4.oe2203sp4.x86_64.rpm",
        "coredns-help-1.7.0-1.4.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "coredns-1.7.0-1.4.oe2203sp4.src.rpm"
    ],
    "aarch64": [
        "coredns-1.7.0-1.4.oe2203sp4.aarch64.rpm",
        "coredns-help-1.7.0-1.4.oe2203sp4.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2720.json"

openEuler:24.03-LTS-SP1 / coredns

Package

Name
coredns
Purl
pkg:rpm/openEuler/coredns&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-1.4.oe2403sp1

Ecosystem specific

{
    "x86_64": [
        "coredns-1.7.0-1.4.oe2403sp1.x86_64.rpm",
        "coredns-help-1.7.0-1.4.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "coredns-1.7.0-1.4.oe2403sp1.src.rpm"
    ],
    "aarch64": [
        "coredns-1.7.0-1.4.oe2403sp1.aarch64.rpm",
        "coredns-help-1.7.0-1.4.oe2403sp1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2720.json"

openEuler:24.03-LTS-SP3 / coredns

Package

Name
coredns
Purl
pkg:rpm/openEuler/coredns&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-1.4.oe2403sp3

Ecosystem specific

{
    "x86_64": [
        "coredns-1.7.0-1.4.oe2403sp3.x86_64.rpm",
        "coredns-help-1.7.0-1.4.oe2403sp3.x86_64.rpm"
    ],
    "src": [
        "coredns-1.7.0-1.4.oe2403sp3.src.rpm"
    ],
    "aarch64": [
        "coredns-1.7.0-1.4.oe2403sp3.aarch64.rpm",
        "coredns-help-1.7.0-1.4.oe2403sp3.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2720.json"