Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Fedora 2027-0123-5 Tools Major Hazard Security Warning on Possible Downtime

opensuse
Calendar Grey March 11, 2026
Dist Opensuse Esm H88
An important update for openSUSE coredns fixes three security issues, reinforcing system integrity and availability.
An update that fixes three vulnerabilities is now available.

Description

This update for coredns fixes the following issues:

Update to version 1.14.2:

- CVE-2026-26017: Fixed DNS access control bypass due to default execution

order of plugins and TOCTOU flaw (bsc#1259320).

- CVE-2026-26018: Fixed denial of service in the loop detection plugin due

to predictable PRNG combined with fatal error handler (bsc#1259319).

- CVE-2025-68156: Fixed uncontrolled recursion in expression evaluation

can cause a denial of service (bsc#1255345).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-80=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

coredns-1.14.2-bp157.2.13.1

- openSUSE Backports SLE-15-SP7 (noarch):

coredns-extras-1.14.2-bp157.2.13.1

References

https://www.suse.com/security/cve/CVE-2025-68156.html

https://www.suse.com/security/cve/CVE-2026-26017.html

https://www.suse.com/security/cve/CVE-2026-26018.html

https://bugzilla.suse.com/1255345

https://bugzilla.suse.com/1259319

https://bugzilla.suse.com/1259320

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0080-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here