[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2024:0319-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":26,"duplicates":27,"related":28,"reserved_at":9,"published_at":35,"modified_at":36,"state":9,"summary":37,"references_raw":39,"kevs":72,"epss":9,"epss_history":73,"metrics":74,"affected":75},"OPENSUSE-SU-2024:0319-1","Security update for coredns\n\nThis update for coredns fixes the following issues:\n\nUpdate to version 1.11.3:\n\n  * optimize the performance for high qps (#6767)\n  * bump deps\n  * Fix zone parser error handling (#6680)\n  * Add alternate option to forward plugin (#6681)\n  * fix: plugin/file: return error when parsing the file fails (#6699)\n  * [fix:documentation] Clarify autopath README (#6750)\n  * Fix outdated test (#6747)\n  * Bump go version from 1.21.8 to 1.21.11 (#6755)\n  * Generate zplugin.go correctly with third-party plugins (#6692)\n  * dnstap: uses pointer receiver for small response writer (#6644)\n  * chore: fix function name in comment (#6608)\n  * [plugin/forward] Strip local zone from IPV6 nameservers (#6635)\n- fixes CVE-2023-30464\n- fixes CVE-2023-28452\n\nUpdate to upstream head (git commit #5a52707):\n\n  * bump deps to address security issue CVE-2024-22189\n  * Return RcodeServerFailure when DNS64 has no next plugin (#6590)\n  * add plusserver to adopters (#6565)\n  * Change the log flags to be a variable that can be set prior to calling Run (#6546)\n  * Enable Prometheus native histograms (#6524)\n  * forward: respect context (#6483)\n  * add client labels to k8s plugin metadata (#6475)\n  * fix broken link in webpage (#6488)\n  * Repo controlled Go version (#6526)\n  * removed the mutex locks with atomic bool (#6525)\n\nUpdate to version 1.11.2:\n\n  * rewrite: fix multi request concurrency issue in cname rewrite  (#6407)\n  * plugin/tls: respect the path specified by root plugin (#6138)\n  * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)\n  * fix: make the codeowners link relative (#6397)\n  * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)\n  * plugin/cache: key cache on Checking Disabled (CD) bit (#6354)\n  * Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395)\n  * Add PITS Global Data Recovery Services as an adopter (#6304)\n  * Handle UDP responses that overflow with TC bit with test case (#6277)\n  * plugin/rewrite: add rcode as a rewrite option (#6204)\n\n- CVE-2024-0874: coredns: CD bit response is cached and served later\n\n- Update to version 1.11.1:\n\n  * Revert “plugin/forward: Continue waiting after receiving malformed responses\n  * plugin/dnstap: add support for “extra” field in payload\n  * plugin/cache: fix keepttl parsing\n\n- Update to version 1.11.0:\n\n  * Adds support for accepting DNS connections over QUIC (doq).\n  * Adds CNAME target rewrites to the rewrite plugin.\n  * Plus many bug fixes, and some security improvements.\n  * This release introduces the following backward incompatible changes:\n   + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, \n     since all supported K8s versions now use Endpointslice.\n   + The bufsize plugin changed its default size limit value to 1232\n   + Some changes to forward plugin metrics.\n\n- Update to version 1.10.1:\n\n  * Corrected architecture labels in multi-arch image manifest\n  * A new plugin timeouts that allows configuration of server listener timeout durations\n  * acl can drop queries as an action\n  * template supports creating responses with extended DNS errors\n  * New weighted policy in loadbalance\n  * Option to serve original record TTLs from cache\n\n- Update to version 1.10.0:\n\n\t* core: add log listeners for k8s_event plugin (#5451)\n\t* core: log DoH HTTP server error logs in CoreDNS format (#5457)\n\t* core: warn when domain names are not in RFC1035 preferred syntax (#5414)\n\t* plugin/acl: add support for extended DNS errors (#5532)\n\t* plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602)\n\t* plugin/cache: add cache disable option (#5540)\n\t* plugin/cache: add metadata for wildcard record responses (#5308)\n\t* plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320)\n\t* plugin/cache: correct responses to Authenticated Data requests (#5191)\n\t* plugin/dnstap: add identity and version support for the dnstap plugin (#5555)\n\t* plugin/file: add metadata for wildcard record responses (#5308)\n\t* plugin/forward: enable multiple forward declarations (#5127)\n\t* plugin/forward: health_check needs to normalize a specified domain name (#5543)\n\t* plugin/forward: remove unused coredns_forward_sockets_open metric (#5431)\n\t* plugin/header: add support for query modification (#5556)\n\t* plugin/health: bypass proxy in self health check (#5401)\n\t* plugin/health: don't go lameduck when reloading (#5472)\n\t* plugin/k8s_external: add support for PTR requests (#5435)\n\t* plugin/k8s_external: resolve headless services (#5505)\n\t* plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461)\n\t* plugin/ready: reset list of readiness plugins on startup (#5492)\n\t* plugin/rewrite: add PTR records to supported types (#5565)\n\t* plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459)\n\t* plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462)\n\t* plugin/rewrite: support min and max TTL values (#5508)\n\t* plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460)\n\t* plugin/trace: read trace context info from headers for DOH (#5439)\n\t* plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957)\n\t* core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 \n\t* core: update golang.org/x/crypto to fix CVE-2022-27191 \n\t* plugin/acl: adding a check to parse out zone info \n\t* plugin/dnstap: support FQDN TCP endpoint \n\t* plugin/errors: add stacktrace option to log a stacktrace during panic recovery \n\t* plugin/template: return SERVFAIL for zone-match regex-no-match case \n",null,[],[],[],[14,16,18,20,22,24],{"_key":15},"CVE-2022-27191",{"_key":17},"CVE-2022-28948",{"_key":19},"CVE-2023-28452",{"_key":21},"CVE-2023-30464",{"_key":23},"CVE-2024-0874",{"_key":25},"CVE-2024-22189",[],[],[29,30,31,32,33,34],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},"2024-09-27T14:01:32Z","2026-02-04T03:04:36.822102Z",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[40,47,52,56,60,64,68],{"url":41,"sources":42,"tags":45},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JLUFKCHWHJJ2MQ6XRREF7D4OOWB23V2/",[43,44],"osv_suse","osv_opensuse",[46],"Advisory",{"url":48,"sources":49,"tags":50},"https://www.suse.com/security/cve/CVE-2022-27191",[43,44],[51],"WEB",{"url":53,"sources":54,"tags":55},"https://www.suse.com/security/cve/CVE-2022-28948",[43,44],[51],{"url":57,"sources":58,"tags":59},"https://www.suse.com/security/cve/CVE-2023-28452",[43,44],[51],{"url":61,"sources":62,"tags":63},"https://www.suse.com/security/cve/CVE-2023-30464",[43,44],[51],{"url":65,"sources":66,"tags":67},"https://www.suse.com/security/cve/CVE-2024-0874",[43,44],[51],{"url":69,"sources":70,"tags":71},"https://www.suse.com/security/cve/CVE-2024-22189",[43,44],[51],[],[],[],[76,89],{"ecosystem":77,"name":78,"vendor":79,"product":80,"cpe_part":9,"purl_type":81,"purl_namespace":79,"purl_name":80,"source":9,"versions":82},"openSUSE","coredns","opensuse","coredns&distro=openSUSE Leap 15.6","rpm",[83],{"version":84,"is_range":85,"range_type":86,"version_start":9,"version_start_type":9,"version_end":87,"version_end_type":88,"fixed_in":9},"lt1_11_3_bp156_4_3_1",true,"ecosystem","1.11.3-bp156.4.3.1","excluding",{"ecosystem":90,"name":78,"vendor":91,"product":92,"cpe_part":9,"purl_type":81,"purl_namespace":91,"purl_name":92,"source":9,"versions":93},"SUSE Linux Enterprise","suse","coredns&distro=SUSE Package Hub 15 SP6",[94],{"version":84,"is_range":85,"range_type":86,"version_start":9,"version_start_type":9,"version_end":87,"version_end_type":88,"fixed_in":9}]