Alerts This Week
Warning Icon 1 409
Alerts This Week
Warning Icon 1 409

Fedora 44 dnsdist Severe Denial Of Service Flaw Advisory 2026-51cdd1292b

fedora
Calendar Grey June 14, 2026
Dist Fedora Esm H88
Critical security advisory on Fedora 44 for dnsdist addressing multiple denial of service vulnerabilities. Updates advised.
Bug Fixes: CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of se...

Summary

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life

is to route traffic to the best server, delivering top performance to

legitimate users while shunting or blocking abusive traffic.

Update Information:

Bug Fixes: CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default CVE-2026-33257: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The web server is disabled and restricted by an ACL by default CVE-2026-33260: An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The web server is disabled and restricted by an ACL by default CVE-2026-33593: A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query CVE-2026-33595: A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection. DOQ and Do...

Topics%20covered

Topics Covered

security advisory denial of service fedora critical memory allocation dnsdist

Change Log

* Fri Jun 5 2026 Filipe Rosset - 2.0.6-1 - update to 2.0.6 fixes rhbz#2460540 * Fri May 29 2026 Miroslav Suchý - 2.0.3-2 - rebuild for https://fedoraproject.org/wiki/Changes/Protobuf_5.x/6.x

References


[ 1 ] Bug #2460830 - CVE-2026-33260 dnsdist: insufficient input validation of internal webserver [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460830 [ 2 ] Bug #2460831 - CVE-2026-33260 dnsdist: insufficient input validation of internal webserver [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460831 [ 3 ] Bug #2460832 - CVE-2026-33257 dnsdist: insufficient input validation of internal webserver [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460832 [ 4 ] Bug #2460833 - CVE-2026-33257 dnsdist: insufficient input validation of internal webserver [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460833 [ 5 ] Bug #2460834 - CVE-2026-33596 dnsdist: TCP backend stream ID overflow [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460834 [ 6 ] Bug #2460835 - CVE-2026-33596 dnsdist: TCP backend stream ID overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460835 [ 7 ] Bug #...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-51cdd1292b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: dnsdist
Product: Fedora 44
Version: 2.0.6
Release: 1.fc44
URL: https://dnsdist.org
Summary: Highly DNS-, DoS- and abuse-aware loadbalancer

Topics%20covered

Topics Covered

security advisory denial of service fedora critical memory allocation dnsdist

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here