Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:Update
patchinfo.28820
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.28820
<patchinfo incident="28820"> <issue tracker="cve" id="2016-7069"/> <issue tracker="cve" id="2017-7557"/> <issue tracker="cve" id="2018-14663"/> <issue tracker="bnc" id="1054799">VUL-0: CVE-2016-7069: dnsdist: Crafted backend responses can cause a denial of service</issue> <issue tracker="bnc" id="1114511">VUL-0: CVE-2018-14663: dnsdist: 2018-08: Record smuggling when adding ECS or XPF</issue> <issue tracker="bnc" id="1054802">VUL-0: CVE-2017-7557: dnsdist: Alteration of ACLs via API authentication bypass</issue> <packager>adamm</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for dnsdist</summary> <description>This update for dnsdist fixes the following issues: - update to 1.8.0 - Implements dnsdist in SLE15 (jsc#PED-3402) - Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511) - update to 1.2.0 (bsc#1054799, bsc#1054802) This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a denial of service on 32-bit if a backend sends crafted answers, and the second to an alteration of dnsdist’s ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website. </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor