[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2026:20099-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":29,"modified_at":30,"state":9,"summary":31,"references_raw":33,"kevs":73,"epss":9,"epss_history":74,"metrics":75,"affected":76},"OPENSUSE-SU-2026:20099-1","Security update for coredns\n\nThis update for coredns fixes the following issues:\n\nChanges in coredns:\n\n- fix CVE-2025-68156 bsc#1255345\n- fix CVE-2025-68161 bsc#1256411\n- Update to version 1.14.0:\n  * core: Fix gosec G115 integer overflow warnings\n  * core: Add regex length limit\n  * plugin/azure: Fix slice init length\n  * plugin/errors: Add optional show_first flag to consolidate directive\n  * plugin/file: Fix for misleading SOA parser warnings\n  * plugin/kubernetes: Rate limits to api server\n  * plugin/metrics: Implement plugin chain tracking\n  * plugin/sign: Report parser err before missing SOA\n  * build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7\n\n- Update to version 1.13.2:\n  * core: Add basic support for DoH3\n  * core: Avoid proxy unnecessary alloc in Yield\n  * core: Fix usage of sync.Pool to save an alloc\n  * core: Fix data race with sync.RWMutex for uniq\n  * core: Prevent QUIC reload panic by lazily initializing the listener\n  * core: Refactor/use reflect.TypeFor\n  * plugin/auto: Limit regex length\n  * plugin/cache: Remove superfluous allocations in item.toMsg\n  * plugin/cache: Isolate metadata in prefetch goroutine\n  * plugin/cache: Correct spelling of MaximumDefaultTTL in cache and dnsutil\n    packages\n  * plugin/dnstap: Better error handling (redial & logging) when Dnstap is busy\n  * plugin/file: Performance finetuning\n  * plugin/forward: Disallow NOERROR in failover\n  * plugin/forward: Added support for per-nameserver TLS SNI\n  * plugin/forward: Prevent busy loop on connection err\n  * plugin/forward: Add max connect attempts knob\n  * plugin/geoip: Add ASN schema support\n  * plugin/geoip: Add support for subdivisions\n  * plugin/kubernetes: Fix kubernetes plugin logging\n  * plugin/multisocket: Cap num sockets to prevent OOM\n  * plugin/nomad: Support service filtering\n  * plugin/rewrite: Pre-compile CNAME rewrite regexp\n  * plugin/secondary: Fix reload causing secondary plugin goroutine to leak\n\n- Update to version 1.13.1:\n  * core: Avoid string concatenation in loops\n  * core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE fixes\n  * plugin/sign: Reject invalid UTF‑8 dbfile token\n\n- Update to version 1.13.0:\n  * core: Export timeout values in dnsserver.Server\n  * core: Fix Corefile infinite loop on unclosed braces\n  * core: Fix Corefile related import cycle issue\n  * core: Normalize panics on invalid origins\n  * core: Rely on dns.Server.ShutdownContext to gracefully stop\n  * plugin/dnstap: Add bounds for plugin args\n  * plugin/file: Fix data race in tree Elem.Name\n  * plugin/forward: No failover to next upstream when receiving SERVFAIL or\n    REFUSED response codes\n  * plugin/grpc: Enforce DNS message size limits\n  * plugin/loop: Prevent panic when ListenHosts is empty\n  * plugin/loop: Avoid panic on invalid server block\n  * plugin/nomad: Add a Nomad plugin\n  * plugin/reload: Prevent SIGTERM/reload deadlock\n\n- fix CVE-2025-58063 bsc#1249389\n- Update to version 1.12.4:\n  * bump deps\n  * fix(transfer): goroutine leak on axfr err (#7516)\n  * plugin/etcd: fix import order for ttl test (#7515)\n  * fix(grpc): check proxy list length in policies (#7512)\n  * fix(https): propagate HTTP request context (#7491)\n  * fix(plugin): guard nil lookups across plugins (#7494)\n  * lint: add missing prealloc to backend lookup test (#7510)\n  * fix(grpc): span leak on error attempt (#7487)\n  * test(plugin): improve backend lookup coverage (#7496)\n  * lint: enable prealloc (#7493)\n  * lint: enable durationcheck (#7492)\n  * Add Sophotech to adopters list (#7495)\n  * plugin: Use %w to wrap user error (#7489)\n  * fix(metrics): add timeouts to metrics HTTP server (#7469)\n  * chore(ci): restrict token permissions (#7470)\n  * chore(ci): pin workflow dependencies (#7471)\n  * fix(forward): use netip package for parsing (#7472)\n  * test(plugin): improve test coverage for pprof (#7473)\n  * build(deps): bump github.com/go-viper/mapstructure/v2 (#7468)\n  * plugin/file: fix label offset problem in ClosestEncloser (#7465)\n  * feat(trace): migrate dd-trace-go v1 to v2 (#7466)\n  * test(multisocket): deflake restart by using a fresh port and coordinated cleanup (#7438)\n  * chore: update Go version to 1.24.6 (#7437)\n  * plugin/header: Remove deprecated syntax (#7436)\n  * plugin/loadbalance: support prefer option (#7433)\n  * Improve caddy.GracefulServer conformance checks (#7416)\n\n- Update to version 1.12.3:\n  * chore: Minor changes to `Dockerfile` (#7428)\n  * Properly create hostname from IPv6 (#7431)\n  * Bump deps\n  * fix: handle cached connection closure in forward plugin (#7427)\n  * plugin/test: fix TXT record comparison for multi-chunk vs multiple records\n  * plugin/file: preserve case in SRV record names and targets per RFC 6763\n  * fix(auto/file): return REFUSED when no next plugin is available (#7381)\n  * Port to AWS Go SDK v2 (#6588)\n  * fix(cache): data race when refreshing cached messages (#7398)\n  * fix(cache): data race when updating the TTL of cached messages (#7397)\n  * chore: fix docs incompatibility (#7390)\n  * plugin/rewrite: Add EDNS0 Unset Action (#7380)\n  * add args: startup_timeout for kubernetes plugin (#7068)\n  * [plugin/cache] create a copy of a response to ensure original data is never\n     modified\n  * Add support for fallthrough to the grpc plugin (#7359)\n  * view: Add IPv6 example match (#7355)\n  * chore: enable more rules from revive (#7352)\n  * chore: enable early-return and superfluous-else from revive (#7129)\n  * test(plugin): improve tests for auto (#7348)\n  * fix(proxy): flaky dial tests (#7349)\n  * test: add t.Helper() calls to test helper functions (#7351)\n  * fix(kubernetes): multicluster DNS race condition (#7350)\n  * lint: enable wastedassign linter (#7340)\n  * test(plugin): add tests for any (#7341)\n  * Actually invoke make release -f Makefile.release during test (#7338)\n  * Keep golang to 1.24.2 due to build issues in 1.24.3 (#7337)\n  * lint: enable protogetter linter (#7336)\n  * lint: enable nolintlint linter (#7332)\n  * fix: missing intrange lint fix (#7333)\n  * perf(kubernetes): optimize AutoPath slice allocation (#7323)\n  * lint: enable intrange linter (#7331)\n  * feat(plugin/file): fallthrough (#7327)\n  * lint: enable canonicalheader linter (#7330)\n  * fix(proxy): avoid Dial hang after Transport stopped (#7321)\n  * test(plugin): add tests for pkg/rand (#7320)\n  * test(dnsserver): add unit tests for gRPC and QUIC servers (#7319)\n  * fix: loop variable capture and linter (#7328)\n  * lint: enable usetesting linter (#7322)\n  * test: skip certain network-specific tests on non-Linux (#7318)\n  * test(dnsserver): improve core/dnsserver test coverage (#7317)\n  * fix(metrics): preserve request size from plugins (#7313)\n  * fix: ensure DNS query name reset in plugin.NS error path (#7142)\n  * feat: enable plugins via environment during build (#7310)\n  * fix(plugin/bind): remove zone for link-local IPv4 (#7295)\n  * test(request): improve coverage across package (#7307)\n  * test(coremain): Add unit tests (#7308)\n  * ci(test-e2e): add Go version setup to workflow (#7309)\n  * kubernetes: add multicluster support (#7266)\n  * chore: Add new maintainer thevilledev (#7298)\n  * Update golangci-lint (#7294)\n  * feat: limit concurrent DoQ streams and goroutines (#7296)\n  * docs: add man page for multisocket plugin (#7297)\n  * Prepare for the k8s api upgrade (#7293)\n  * fix(rewrite): truncated upstream response (#7277)\n  * fix(plugin/secondary): make transfer property mandatory (#7249)\n  * plugin/bind: remove macOS bug mention in docs (#7250)\n  * Remove `?bla=foo:443` for `POST` DoH (#7257)\n  * Do not interrupt querying readiness probes for plugins (#6975)\n  * Added `SetProxyOptions` function for `forward` plugin (#7229)\n\n-  Backported quic-go PR #5094: Fix parsing of ifindex from packets\n   to ensure compatibility with big-endian architectures\n   (see quic-go/quic-go#4978, coredns/coredns#6682).\n\n- Update to version 1.12.1:\n  * core: Increase CNAME lookup limit from 7 to 10 (#7153)\n  * plugin/kubernetes: Fix handling of pods having DeletionTimestamp set\n  * plugin/kubernetes: Revert \"only create PTR records for endpoints with\n    hostname defined\"\n  * plugin/forward: added option failfast_all_unhealthy_upstreams to return\n    servfail if all upstreams are down\n  * bump dependencies, fixing bsc#1239294 and bsc#1239728\n\n- Update to version 1.12.0:\n  * New multisocket plugin - allows CoreDNS to listen on multiple sockets\n  * bump deps\n\n- Update to version 1.11.4:\n  * forward plugin: new option next, to try alternate upstreams when receiving\n    specified response codes upstreams on (functions like the external plugin\n    alternate)\n  * dnssec plugin: new option to load keys from AWS Secrets Manager\n  * rewrite plugin: new option to revert EDNS0 option rewrites in responses\n\n- Update to version 1.11.3+git129.387f34d:\n  * fix CVE-2024-51744 (https://bugzilla.suse.com/show_bug.cgi?id=1232991)\n    build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955)\n  * core: set cache-control max-age as integer, not float (#6764)\n  * Issue-6671: Fixed the order of plugins. (#6729)\n  * `root`: explicit mark `dnssec` support (#6753)\n  * feat: dnssec load keys from AWS Secrets Manager (#6618)\n  * fuzzing: fix broken oss-fuzz build (#6880)\n  * Replace k8s.io/utils/strings/slices by Go stdlib slices (#6863)\n  * Update .go-version to 1.23.2 (#6920)\n  * plugin/rewrite: Add \"revert\" parameter for EDNS0 options (#6893)\n  * Added OpenSSF Scorecard Badge (#6738)\n  * fix(cwd): Restored backwards compatibility of Current Workdir (#6731)\n  * fix: plugin/auto: call OnShutdown() for each zone at its own OnShutdown() (#6705)\n  * feature: log queue and buffer memory size configuration (#6591)\n  * plugin/bind: add zone for link-local IPv6 instead of skipping (#6547)\n  * only create PTR records for endpoints with hostname defined (#6898)\n  * fix: reverter should execute the reversion in reversed order (#6872)\n  * plugin/etcd: fix etcd connection leakage when reload (#6646)\n  * kubernetes: Add useragent (#6484)\n  * Update build (#6836)\n  * Update grpc library use (#6826)\n  * Bump go version from 1.21.11 to 1.21.12 (#6800)\n  * Upgrade antonmedv/expr to expr-lang/expr (#6814)\n  * hosts: add hostsfile as label for coredns_hosts_entries (#6801)\n  * fix TestCorefile1 panic for nil handling (#6802)\n",null,[],[],[],[14,16,18,20],{"_key":15},"CVE-2024-51744",{"_key":17},"CVE-2025-58063",{"_key":19},"CVE-2025-68156",{"_key":21},"CVE-2025-68161",[],[],[25,26,27,28],{"_key":15},{"_key":17},{"_key":19},{"_key":21},"2026-01-24T09:09:32Z","2026-03-23T04:54:44.315094Z",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[34,40,44,48,52,56,61,65,69],{"url":35,"sources":36,"tags":38},"https://bugzilla.suse.com/1239294",[37],"osv_opensuse",[39],"REPORT",{"url":41,"sources":42,"tags":43},"https://bugzilla.suse.com/1239728",[37],[39],{"url":45,"sources":46,"tags":47},"https://bugzilla.suse.com/1249389",[37],[39],{"url":49,"sources":50,"tags":51},"https://bugzilla.suse.com/1255345",[37],[39],{"url":53,"sources":54,"tags":55},"https://bugzilla.suse.com/1256411",[37],[39],{"url":57,"sources":58,"tags":59},"https://www.suse.com/security/cve/CVE-2024-51744",[37],[60],"WEB",{"url":62,"sources":63,"tags":64},"https://www.suse.com/security/cve/CVE-2025-58063",[37],[60],{"url":66,"sources":67,"tags":68},"https://www.suse.com/security/cve/CVE-2025-68156",[37],[60],{"url":70,"sources":71,"tags":72},"https://www.suse.com/security/cve/CVE-2025-68161",[37],[60],[],[],[],[77],{"ecosystem":78,"name":79,"vendor":80,"product":81,"cpe_part":9,"purl_type":82,"purl_namespace":80,"purl_name":81,"source":9,"versions":83},"openSUSE","coredns","opensuse","coredns&distro=openSUSE Leap 16.0","rpm",[84],{"version":85,"is_range":86,"range_type":87,"version_start":9,"version_start_type":9,"version_end":88,"version_end_type":89,"fixed_in":9},"lt1_14_0_bp160_1_1",true,"ecosystem","1.14.0-bp160.1.1","excluding"]