Alerts This Week
Warning Icon 1 1,234
Alerts This Week
Warning Icon 1 1,234

openSUSE dnsdist Moderate DoS Info Disclosure Advisory 2026-21015-1

opensuse
Calendar Grey June 30, 2026
Dist Opensuse Esm H88
This security advisory addresses 18 vulnerabilities and bug fixes in dnsdist for openSUSE, emphasizing moderate risks.
An update that solves 18 vulnerabilities and has 18 bug fixes can now be installed.

Description

This update for dnsdist fixes the following issues

- CVE-2026-0396: crafted DNS queries can allow to inject HTML content (bsc#1261236).

- CVE-2026-0397: CORS misconfiguration can lead to information disclosure (bsc#1261237).

- CVE-2026-24028: crafted DNS response packet can lead to an out-of-bounds read (bsc#1261238).

- CVE-2026-24029: HTTPS ACL bypass can allow clients to send DoH queries (bsc#1261239).

- CVE-2026-24030: allocating too much memory while processing DNS can result in a denial of service (bsc#1261240).

- CVE-2026-27853: crafted DNS responses can lead to an out-of-bounds write (bsc#1261241).

- CVE-2026-27854: crafted DNS queries can be used to trigger a use-after-free (bsc#1261243).

- CVE-2026-33254: Resource exhaustion via DoQ/DoH3 connections (bsc#1262538).

- CVE-2026-33257: Insufficient input validation of internal webserver (bsc#1262536).

- CVE-2026-33260: Insufficient input validation of internal webserver (bsc#1262537).

- CVE-2026-33593: Denial of service via...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate information disclosure memory allocation OpenSUSE dnsdist

Patch

Package List

- openSUSE Leap 16.0:

dnsdist-1.9.13-160000.1.1

References

* bsc#1261236

* bsc#1261237

* bsc#1261238

* bsc#1261239

* bsc#1261240

* bsc#1261241

* bsc#1261243

* bsc#1262536

* bsc#1262537

* bsc#1262538

* bsc#1262539

* bsc#1262540

* bsc#1262541

* bsc#1262542

* bsc#1262543

* bsc#1262544

* bsc#1262545

* bsc#1262546

References:

* https://www.suse.com/security/cve/CVE-2026-0396.html

* https://www.suse.com/security/cve/CVE-2026-0397.html

* https://www.suse.com/security/cve/CVE-2026-24028.html

* https://www.suse.com/security/cve/CVE-2026-24029.html

* https://www.suse.com/security/cve/CVE-2026-24030.html

* https://www.suse.com/security/cve/CVE-2026-27853.html

* https://www.suse.com/security/cve/CVE-2026-27854.html

* https://www.suse.com/security/cve/CVE-2026-33254.html

* https://www.suse.com/security/cve/CVE-2026-33257.html

* https://www.suse.com/security/cve/CVE-2026-33260.html

* https://www.suse.com/security/cve/CVE-2026-33593.html

* https://www.suse.com/security/cve/CVE-2026-33594.html

* https://www.suse.com/security/cve/CVE-2026-33595.html

*...

Read the Full Advisory

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21015-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory moderate information disclosure memory allocation OpenSUSE dnsdist

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here