File _patchinfo of Package patchinfo

<patchinfo incident="19390">
  <issue tracker="bnc" id="1259319">VUL-0: CVE-2026-26018: coredns: denial of service in the loop detection plugin due to predictable PRNG combined with fatal error handler</issue>
  <issue tracker="bnc" id="1259320">VUL-0: CVE-2026-26017: coredns: DNS access control bypass due to default execution order of plugins and TOCTOU flaw</issue>
  <issue tracker="bnc" id="1255345">VUL-0: CVE-2025-68156: coredns: github.com/expr-lang/expr/builtin: uncontrolled recursion in expression evaluation can cause a denial of service</issue>
  <issue tracker="cve" id="2025-68121"/>
  <issue tracker="cve" id="2026-26017"/>
  <issue tracker="cve" id="2025-61726"/>
  <issue tracker="cve" id="2025-61731"/>
  <issue tracker="cve" id="2025-68119"/>
  <issue tracker="cve" id="2025-68156"/>
  <issue tracker="cve" id="2025-61728"/>
  <issue tracker="cve" id="2026-26018"/>
  <packager>amanzini</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for coredns</summary>
  <description>This update for coredns fixes the following issues:

Update to version 1.14.2:

- CVE-2026-26017: Fixed DNS access control bypass due to default execution
  order of plugins and TOCTOU flaw (bsc#1259320).
- CVE-2026-26018: Fixed denial of service in the loop detection plugin due to
  predictable PRNG combined with fatal error handler (bsc#1259319).

Update to version 1.14.1:

- This release primarily addresses security vulnerabilities affecting Go
  versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728, CVE-2025-61726,
  CVE-2025-68121, CVE-2025-61731, CVE-2025-68119). 

- CVE-2025-68156: Fixed uncontrolled recursion in expression evaluation that
  can cause a denial of service (bsc#1255345).
</description>
</patchinfo>