Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

openSUSE 2026-0032-1 coredns Important Denial of Service Fix

opensuse
Calendar Grey January 30, 2026
Dist Opensuse Esm H88
This update for coredns addresses important issues related to denial of service and security vulnerabilities.
An update that fixes 6 vulnerabilities is now available.

Description

This update for coredns fixes the following issues:

- Update to version 1.14.1:

* This release primarily addresses security vulnerabilities affecting Go

versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728,

CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119). It

also includes performance improvements to the proxy plugin via

multiplexed connections, along with various documentation updates.

- CVE-2025-68156: Fixed a denial of service due to uncontrolled recursion

in expression evaluation (bsc#1255345)

- Update to version 1.14.0:

* core: Fix gosec G115 integer overflow warnings

* core: Add regex length limit

* plugin/azure: Fix slice init length

* plugin/errors: Add optional show_first flag to consolidate directive

* plugin/file: Fix for misleading SOA parser warnings

* plugin/kubernetes: Rate limits to api server

* plugin/metrics: Implement plugin chain tracking

*...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-32=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

coredns-1.14.1-bp157.2.10.1

coredns-debuginfo-1.14.1-bp157.2.10.1

- openSUSE Backports SLE-15-SP7 (noarch):

coredns-extras-1.14.1-bp157.2.10.1

References

https://www.suse.com/security/cve/CVE-2025-61726.html

https://www.suse.com/security/cve/CVE-2025-61728.html

https://www.suse.com/security/cve/CVE-2025-61731.html

https://www.suse.com/security/cve/CVE-2025-68119.html

https://www.suse.com/security/cve/CVE-2025-68121.html

https://www.suse.com/security/cve/CVE-2025-68156.html

https://bugzilla.suse.com/1255345

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0032-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here