Overview

File _patchinfo of Package patchinfo.28820

<patchinfo incident="28820">
  <issue tracker="cve" id="2016-7069"/>
  <issue tracker="cve" id="2017-7557"/>
  <issue tracker="cve" id="2018-14663"/>
  <issue tracker="bnc" id="1054799">VUL-0: CVE-2016-7069: dnsdist: Crafted backend responses can cause a denial of service</issue>
  <issue tracker="bnc" id="1114511">VUL-0: CVE-2018-14663: dnsdist: 2018-08: Record smuggling when adding ECS or XPF</issue>
  <issue tracker="bnc" id="1054802">VUL-0: CVE-2017-7557: dnsdist: Alteration of ACLs via API authentication bypass</issue>
  <packager>adamm</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for dnsdist</summary>
  <description>This update for dnsdist fixes the following issues:


- update to 1.8.0
  - Implements dnsdist in SLE15 (jsc#PED-3402)
  - Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511)

- update to 1.2.0 (bsc#1054799, bsc#1054802)
  This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a
  denial of service on 32-bit if a backend sends crafted answers,
  and the second to an alteration of dnsdist&#8217;s ACL if the API is
  enabled, writable and an authenticated user is tricked into
  visiting a crafted website. 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places