Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora Linux Micro 7.1: 2025:30127-2 high: dnsmasq Exploit

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
SUSE's recent security fix tackles unregulated name compression, which can result in DoS threats within unbound. Key patch specifics are outlined.
* bsc#1231284 Cross-References: * CVE-2024-8508

Summary

## This update for unbound fixes the following issues: * Update to 1.22.0: Features: * Add iter-scrub-ns, iter-scrub-cname and max-global-quota configuration options. * Merge patch to fix for glue that is outside of zone, with `harden- unverified-glue`, from Karthik Umashankar (Microsoft). Enabling this option protects the Unbound resolver against bad glue, that is unverified out of zone glue, by resolving them. It uses the records as last resort if there is no other working glue. * Add redis-command-timeout: 20 and redis-connect-timeout: 200, that can set the timeout separately for commands and the connection set up to the redis server. If they are not specified, the redis-timeout value is used. * Log timestamps in ISO8601 format with timezone. This adds the option `log- time-iso: yes` that logs in ISO8601 format.

References

* bsc#1231284

Cross-

* CVE-2024-8508

CVSS scores:

* CVE-2024-8508 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

* CVE-2024-8508 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

* CVE-2024-8508 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-8508 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-8508.html

* https://bugzilla.suse.com/show_bug.cgi?id=1231284

Announcement ID: SUSE-SU-2025:20126-1
Release Date: 2025-02-13T12:29:03Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here