Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

SUSE dnsdist Moderate DoS Information Disclosure Advisory 2026-22319-1

suse
Calendar Grey July 1, 2026
Dist Suse Esm H88
An important SUSE security advisory for dnsdist patching 18 issues including DoS and disclosure risks effectively.
An update that solves 18 vulnerabilities can now be installed.

Summary

## This update for dnsdist fixes the following issues * CVE-2026-0396: crafted DNS queries can allow to inject HTML content (bsc#1261236). * CVE-2026-0397: CORS misconfiguration can lead to information disclosure (bsc#1261237). * CVE-2026-24028: crafted DNS response packet can lead to an out-of-bounds read (bsc#1261238). * CVE-2026-24029: HTTPS ACL bypass can allow clients to send DoH queries (bsc#1261239). * CVE-2026-24030: allocating too much memory while processing DNS can result in a denial of service (bsc#1261240). * CVE-2026-27853: crafted DNS responses can lead to an out-of-bounds write (bsc#1261241). * CVE-2026-27854: crafted DNS queries can be used to trigger a use-after-free (bsc#1261243). * CVE-2026-33254: Resource exhaustion via DoQ/DoH3 connections (bsc#1262538).

References

* bsc#1261236

* bsc#1261237

* bsc#1261238

* bsc#1261239

* bsc#1261240

* bsc#1261241

* bsc#1261243

* bsc#1262536

* bsc#1262537

* bsc#1262538

* bsc#1262539

* bsc#1262540

* bsc#1262541

* bsc#1262542

* bsc#1262543

* bsc#1262544

* bsc#1262545

* bsc#1262546

Cross-

* CVE-2026-0396

* CVE-2026-0397

* CVE-2026-24028

* CVE-2026-24029

* CVE-2026-24030

* CVE-2026-27853

* CVE-2026-27854

* CVE-2026-33254

* CVE-2026-33257

* CVE-2026-33260

* CVE-2026-33593

* CVE-2026-33594

* CVE-2026-33595

* CVE-2026-33596

* CVE-2026-33597

* CVE-2026-33598

* CVE-2026-33599

* CVE-2026-33602

CVSS scores:

* CVE-2026-0396 ( SUSE ): 2.1

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-0396 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:22319-1
Release Date: 2026-06-22T14:30:36Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here