This update for coredns fixes the following issues:
- Update to version 1.14.1:
* This release primarily addresses security vulnerabilities affecting Go
versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728,
CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119). It
also includes performance improvements to the proxy plugin via
multiplexed connections, along with various documentation updates.
- CVE-2025-68156: Fixed a denial of service due to uncontrolled recursion
in expression evaluation (bsc#1255345)
- Update to version 1.14.0:
* core: Fix gosec G115 integer overflow warnings
* core: Add regex length limit
* plugin/azure: Fix slice init length
* plugin/errors: Add optional show_first flag to consolidate directive
* plugin/file: Fix for misleading SOA parser warnings
* plugin/kubernetes: Rate limits to api server
* plugin/metrics: Implement plugin chain tracking
*...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-32=1
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):
coredns-1.14.1-bp157.2.10.1
coredns-debuginfo-1.14.1-bp157.2.10.1
- openSUSE Backports SLE-15-SP7 (noarch):
coredns-extras-1.14.1-bp157.2.10.1
https://www.suse.com/security/cve/CVE-2025-61726.html
https://www.suse.com/security/cve/CVE-2025-61728.html
https://www.suse.com/security/cve/CVE-2025-61731.html
https://www.suse.com/security/cve/CVE-2025-68119.html
https://www.suse.com/security/cve/CVE-2025-68121.html
https://www.suse.com/security/cve/CVE-2025-68156.html
https://bugzilla.suse.com/1255345
Get the latest Linux and open source security news straight to your inbox.