SUSE-SU-2023:2777-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2023/suse-su-20232777-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2777-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2023:2777-1

Related

Published

2023-07-04T08:39:57Z

Modified

2023-07-04T08:39:57Z

Summary

Security update for dnsdist

Details

This update for dnsdist fixes the following issues:

Implements package 'dnsdist' with version 1.8.0 in SLE15. (jsc#PED-3402)
Downstream DNS resolver configuration should be chosen by the admin
Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511)
Security fix: There is an issue that can lead to a denial of service on 32-bit if a backend sends crafted answers. (CVE-2016-7069, bsc#1054799)
Security fix: Alteration of dnsdist's ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website. (CVE-2017-7557, bsc#1054799)
SNMP support, exporting statistics and sending traps
Preventing the packet cache from ageing responses when deployed in
Various DNSCrypt-related fixes and improvements, including automatic key rotation

References

Affected packages

SUSE:Linux Enterprise Server 15 SP1-LTSS / dnsdist

Package

Name: dnsdist
Purl: pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0-150100.3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "dnsdist": "1.8.0-150100.3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / dnsdist

Package

Name: dnsdist
Purl: pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0-150100.3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "dnsdist": "1.8.0-150100.3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / dnsdist

Package

Name: dnsdist
Purl: pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0-150100.3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "dnsdist": "1.8.0-150100.3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / dnsdist

Package

Name: dnsdist
Purl: pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0-150100.3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "dnsdist": "1.8.0-150100.3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / dnsdist

Package

Name: dnsdist
Purl: pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0-150100.3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "dnsdist": "1.8.0-150100.3.5.1"
        }
    ]
}