openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2024:0319-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.18.1.2024.0319.1

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (openSUSE-SU-2024:0319-1)

Summary: The remote host is missing an update for the 'coredns' package(s) announced via the openSUSE-SU-2024:0319-1 advisory.

Description: Summary:
The remote host is missing an update for the 'coredns' package(s) announced via the openSUSE-SU-2024:0319-1 advisory.

Vulnerability Insight:
This update for coredns fixes the following issues:

Update to version 1.11.3:

* optimize the performance for high qps (#6767)
* bump deps
* Fix zone parser error handling (#6680)
* Add alternate option to forward plugin (#6681)
* fix: plugin/file: return error when parsing the file fails (#6699)
* [fix:documentation] Clarify autopath README (#6750)
* Fix outdated test (#6747)
* Bump go version from 1.21.8 to 1.21.11 (#6755)
* Generate zplugin.go correctly with third-party plugins (#6692)
* dnstap: uses pointer receiver for small response writer (#6644)
* chore: fix function name in comment (#6608)
* [plugin/forward] Strip local zone from IPV6 nameservers (#6635)
- fixes CVE-2023-30464
- fixes CVE-2023-28452

Update to upstream head (git commit #5a52707):

* bump deps to address security issue CVE-2024-22189
* Return RcodeServerFailure when DNS64 has no next plugin (#6590)
* add plusserver to adopters (#6565)
* Change the log flags to be a variable that can be set prior to calling Run (#6546)
* Enable Prometheus native histograms (#6524)
* forward: respect context (#6483)
* add client labels to k8s plugin metadata (#6475)
* fix broken link in webpage (#6488)
* Repo controlled Go version (#6526)
* removed the mutex locks with atomic bool (#6525)

Update to version 1.11.2:

* rewrite: fix multi request concurrency issue in cname rewrite (#6407)
* plugin/tls: respect the path specified by root plugin (#6138)
* plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)
* fix: make the codeowners link relative (#6397)
* plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)
* plugin/cache: key cache on Checking Disabled (CD) bit (#6354)
* Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395)
* Add PITS Global Data Recovery Services as an adopter (#6304)
* Handle UDP responses that overflow with TC bit with test case (#6277)
* plugin/rewrite: add rcode as a rewrite option (#6204)

- CVE-2024-0874: coredns: CD bit response is cached and served later

- Update to version 1.11.1:

* Revert 'plugin/forward: Continue waiting after receiving malformed responses
* plugin/dnstap: add support for 'extra' field in payload
* plugin/cache: fix keepttl parsing

- Update to version 1.11.0:

* Adds support for accepting DNS connections over QUIC (doq).
* Adds CNAME target rewrites to the rewrite plugin.
* Plus many bug fixes, and some security improvements.
* This release introduces the following backward incompatible changes:
+ In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta,
since all supported K8s versions now use Endpointslice.
+ The bufsize plugin changed its default size limit value to 1232
+ Some changes to forward plugin metrics.

- Update to version 1.10.1:

* Corrected architecture labels in multi-arch image manifest
... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'coredns' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-27191
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://groups.google.com/g/golang-announce
Common Vulnerability Exposure (CVE) ID: CVE-2022-28948
https://github.com/go-yaml/yaml/issues/666
Common Vulnerability Exposure (CVE) ID: CVE-2023-28452
Common Vulnerability Exposure (CVE) ID: CVE-2023-30464
Common Vulnerability Exposure (CVE) ID: CVE-2024-0874
RHBZ#2219234
https://bugzilla.redhat.com/show_bug.cgi?id=2219234
https://access.redhat.com/security/cve/CVE-2024-0874
https://github.com/coredns/coredns/issues/6186
https://github.com/coredns/coredns/pull/6354
Common Vulnerability Exposure (CVE) ID: CVE-2024-22189
https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a
https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478
https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management
https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.18.1.2024.0319.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (openSUSE-SU-2024:0319-1)
Summary:	The remote host is missing an update for the 'coredns' package(s) announced via the openSUSE-SU-2024:0319-1 advisory.
Description:	Summary: The remote host is missing an update for the 'coredns' package(s) announced via the openSUSE-SU-2024:0319-1 advisory. Vulnerability Insight: This update for coredns fixes the following issues: Update to version 1.11.3: * optimize the performance for high qps (#6767) * bump deps * Fix zone parser error handling (#6680) * Add alternate option to forward plugin (#6681) * fix: plugin/file: return error when parsing the file fails (#6699) * [fix:documentation] Clarify autopath README (#6750) * Fix outdated test (#6747) * Bump go version from 1.21.8 to 1.21.11 (#6755) * Generate zplugin.go correctly with third-party plugins (#6692) * dnstap: uses pointer receiver for small response writer (#6644) * chore: fix function name in comment (#6608) * [plugin/forward] Strip local zone from IPV6 nameservers (#6635) - fixes CVE-2023-30464 - fixes CVE-2023-28452 Update to upstream head (git commit #5a52707): * bump deps to address security issue CVE-2024-22189 * Return RcodeServerFailure when DNS64 has no next plugin (#6590) * add plusserver to adopters (#6565) * Change the log flags to be a variable that can be set prior to calling Run (#6546) * Enable Prometheus native histograms (#6524) * forward: respect context (#6483) * add client labels to k8s plugin metadata (#6475) * fix broken link in webpage (#6488) * Repo controlled Go version (#6526) * removed the mutex locks with atomic bool (#6525) Update to version 1.11.2: * rewrite: fix multi request concurrency issue in cname rewrite (#6407) * plugin/tls: respect the path specified by root plugin (#6138) * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333) * fix: make the codeowners link relative (#6397) * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351) * plugin/cache: key cache on Checking Disabled (CD) bit (#6354) * Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395) * Add PITS Global Data Recovery Services as an adopter (#6304) * Handle UDP responses that overflow with TC bit with test case (#6277) * plugin/rewrite: add rcode as a rewrite option (#6204) - CVE-2024-0874: coredns: CD bit response is cached and served later - Update to version 1.11.1: * Revert 'plugin/forward: Continue waiting after receiving malformed responses * plugin/dnstap: add support for 'extra' field in payload * plugin/cache: fix keepttl parsing - Update to version 1.11.0: * Adds support for accepting DNS connections over QUIC (doq). * Adds CNAME target rewrites to the rewrite plugin. * Plus many bug fixes, and some security improvements. * This release introduces the following backward incompatible changes: + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, since all supported K8s versions now use Endpointslice. + The bufsize plugin changed its default size limit value to 1232 + Some changes to forward plugin metrics. - Update to version 1.10.1: * Corrected architecture labels in multi-arch image manifest ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'coredns' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-27191 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://groups.google.com/g/golang-announce Common Vulnerability Exposure (CVE) ID: CVE-2022-28948 https://github.com/go-yaml/yaml/issues/666 Common Vulnerability Exposure (CVE) ID: CVE-2023-28452 Common Vulnerability Exposure (CVE) ID: CVE-2023-30464 Common Vulnerability Exposure (CVE) ID: CVE-2024-0874 RHBZ#2219234 https://bugzilla.redhat.com/show_bug.cgi?id=2219234 https://access.redhat.com/security/cve/CVE-2024-0874 https://github.com/coredns/coredns/issues/6186 https://github.com/coredns/coredns/pull/6354 Common Vulnerability Exposure (CVE) ID: CVE-2024-22189 https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478 https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s
Copyright	Copyright (C) 2025 Greenbone AG