Security update for dnsdist
| Announcement ID: | SUSE-SU-2023:2777-1 |
|---|---|
| Rating: | moderate |
An update that solves three vulnerabilities can now be installed.
Description:
This update for dnsdist fixes the following issues:
- Implements package 'dnsdist' with version 1.8.0 in SLE15. (jsc#PED-3402)
- Downstream DNS resolver configuration should be chosen by the admin
- Security fix: fixes a possible record smuggling with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511)
- Security fix: There is an issue that can lead to a denial of service on 32-bit if a backend sends crafted answers. (CVE-2016-7069, bsc#1054799)
- Security fix: Alteration of dnsdist's ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website. (CVE-2017-7557, bsc#1054799)
- SNMP support, exporting statistics and sending traps
- Preventing the packet cache from ageing responses when deployed in
- Various DNSCrypt-related fixes and improvements, including automatic key rotation
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2777=1
- SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2777=1
- SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2777=1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2777=1
- SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2777=1
Package List:
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  - dnsdist-1.8.0-150100.3.5.1
  - dnsdist-debugsource-1.8.0-150100.3.5.1
  - dnsdist-debuginfo-1.8.0-150100.3.5.1
- SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  - dnsdist-1.8.0-150100.3.5.1
  - dnsdist-debugsource-1.8.0-150100.3.5.1
  - dnsdist-debuginfo-1.8.0-150100.3.5.1
- SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
  - dnsdist-1.8.0-150100.3.5.1
  - dnsdist-debugsource-1.8.0-150100.3.5.1
  - dnsdist-debuginfo-1.8.0-150100.3.5.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  - dnsdist-1.8.0-150100.3.5.1
  - dnsdist-debugsource-1.8.0-150100.3.5.1
  - dnsdist-debuginfo-1.8.0-150100.3.5.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  - dnsdist-1.8.0-150100.3.5.1
  - dnsdist-debugsource-1.8.0-150100.3.5.1
  - dnsdist-debuginfo-1.8.0-150100.3.5.1
References:
- https://www.suse.com/security/cve/CVE-2016-7069.html
- https://www.suse.com/security/cve/CVE-2017-7557.html
- https://www.suse.com/security/cve/CVE-2018-14663.html
- https://bugzilla.suse.com/show_bug.cgi?id=1054799
- https://bugzilla.suse.com/show_bug.cgi?id=1054802
- https://bugzilla.suse.com/show_bug.cgi?id=1114511