File _patchinfo of Package patchinfo.28820
<patchinfo incident="28820">
<issue tracker="cve" id="2016-7069"/>
<issue tracker="cve" id="2017-7557"/>
<issue tracker="cve" id="2018-14663"/>
<issue tracker="bnc" id="1054799">VUL-0: CVE-2016-7069: dnsdist: Crafted backend responses can cause a denial of service</issue>
<issue tracker="bnc" id="1114511">VUL-0: CVE-2018-14663: dnsdist: 2018-08: Record smuggling when adding ECS or XPF</issue>
<issue tracker="bnc" id="1054802">VUL-0: CVE-2017-7557: dnsdist: Alteration of ACLs via API authentication bypass</issue>
<packager>adamm</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for dnsdist</summary>
<description>This update for dnsdist fixes the following issues:
- update to 1.8.0
- Implements dnsdist in SLE15 (jsc#PED-3402)
- Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511)
- update to 1.2.0 (bsc#1054799, bsc#1054802)
This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a
denial of service on 32-bit if a backend sends crafted answers,
and the second to an alteration of dnsdist’s ACL if the API is
enabled, writable and an authenticated user is tricked into
visiting a crafted website.
</description>
</patchinfo>