Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

openSUSE 15 SP6 Coredns Important Access Control Fix 2026-0079-1

opensuse
Calendar Grey March 11, 2026
Dist Opensuse Esm H88
This update addresses 8 significant issues in coredns on openSUSE, including denial of service and access control flaws.
An update that fixes 8 vulnerabilities is now available.

Description

This update for coredns fixes the following issues:

Update to version 1.14.2:

- CVE-2026-26017: Fixed DNS access control bypass due to default execution

order of plugins and TOCTOU flaw (bsc#1259320).

- CVE-2026-26018: Fixed denial of service in the loop detection plugin due

to predictable PRNG combined with fatal error handler (bsc#1259319).

Update to version 1.14.1:

- This release primarily addresses security vulnerabilities affecting Go

versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728,

CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119).

- CVE-2025-68156: Fixed uncontrolled recursion in expression evaluation

can cause a denial of service (bsc#1255345).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-79=1

Package List

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

coredns-1.14.2-bp156.4.16.1

- openSUSE Backports SLE-15-SP6 (noarch):

coredns-extras-1.14.2-bp156.4.16.1

References

https://www.suse.com/security/cve/CVE-2025-61726.html

https://www.suse.com/security/cve/CVE-2025-61728.html

https://www.suse.com/security/cve/CVE-2025-61731.html

https://www.suse.com/security/cve/CVE-2025-68119.html

https://www.suse.com/security/cve/CVE-2025-68121.html

https://www.suse.com/security/cve/CVE-2025-68156.html

https://www.suse.com/security/cve/CVE-2026-26017.html

https://www.suse.com/security/cve/CVE-2026-26018.html

https://bugzilla.suse.com/1255345

https://bugzilla.suse.com/1259319

https://bugzilla.suse.com/1259320

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0079-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here