OESA-2026-2939

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2939
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2939.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2939
Upstream
Published
2026-07-09T12:53:33Z
Modified
2026-07-14T08:15:09.770254178Z
Summary
coredns security update
Details

CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins.

Security Fix(es):

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.(CVE-2026-26017)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / coredns

Package

Name
coredns
Purl
pkg:rpm/openEuler/coredns&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-1.4.oe2003sp4

Ecosystem specific

{
    "src": [
        "coredns-1.7.0-1.4.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "coredns-1.7.0-1.4.oe2003sp4.x86_64.rpm",
        "coredns-help-1.7.0-1.4.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "coredns-1.7.0-1.4.oe2003sp4.aarch64.rpm",
        "coredns-help-1.7.0-1.4.oe2003sp4.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2939.json"