openSUSE-SU-2025:0131-1: moderate: Security update for coredns
openSUSE Security Update: Security update for coredns
_______________________________
Announcement ID: openSUSE-SU-2025:0131-1
Rating: moderate
References: #1239294 #1239728
Cross-References: CVE-2024-51744
CVSS scores:
CVE-2024-51744 (SUSE): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for coredns fixes the following issues:
- Update to version 1.12.1:
  * core: Increase CNAME lookup limit from 7 to 10 (#7153)
  * plugin/kubernetes: Fix handling of pods having DeletionTimestamp set
  * plugin/kubernetes: Revert "only create PTR records for endpoints with
    hostname defined"
  * plugin/forward: added option failfast_all_unhealthy_upstreams to
    return servfail if all upstreams are down
  * bump dependencies, fixing boo#1239294 and boo#1239728
- Update to version 1.12.0:
  * New multisocket plugin - allows CoreDNS to listen on multiple sockets
  * bump deps
- Update to version 1.11.4:
  * forward plugin: new option next, to try alternate upstreams when
    receiving specified response codes (functions like the
    external plugin alternate)
  * dnssec plugin: new option to load keys from AWS Secrets Manager
  * rewrite plugin: new option to revert EDNS0 option rewrites in responses
- Update to version 1.11.3+git129.387f34d:
  * fix CVE-2024-51744 (bsc#1232991) build(deps): bump
    github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955)
  * core: set cache-control max-age as integer, not float (#6764)
  * Issue-6671: Fixed the order of plugins. (#6729)
  * `root`: explicit mark `dnssec` support (#6753)
  * feat: dnssec load keys from AWS Secrets Manager (#6618)
  * fuzzing: fix broken oss-fuzz build (#6880)
  * Replace k8s.io/utils/strings/slices by Go stdlib slices (#6863)
  * Update .go-version to 1.23.2 (#6920)
  * plugin/rewrite: Add "revert" parameter for EDNS0 options (#6893)
  * Added OpenSSF Scorecard Badge (#6738)
  * fix(cwd): Restored backwards compatibility of Current Workdir (#6731)
  * fix: plugin/auto: call OnShutdown() for each zone at its own
    OnShutdown() (#6705)
  * feature: log queue and buffer memory size configuration (#6591)
  * plugin/bind: add zone for link-local IPv6 instead of skipping (#6547)
  * only create PTR records for endpoints with hostname defined (#6898)
  * fix: reverter should execute the reversion in reversed order (#6872)
  * plugin/etcd: fix etcd connection leakage when reload (#6646)
  * kubernetes: Add useragent (#6484)
  * Update build (#6836)
  * Update grpc library use (#6826)
  * Bump go version from 1.21.11 to 1.21.12 (#6800)
  * Upgrade antonmedv/expr to expr-lang/expr (#6814)
  * hosts: add hostsfile as label for coredns_hosts_entries (#6801)
  * fix TestCorefile1 panic for nil handling (#6802)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2025-131=1
Package List:
- openSUSE Backports SLE-15-SP6 (i586 x86_64):
coredns-1.12.1-bp156.4.6.5
- openSUSE Backports SLE-15-SP6 (noarch):
coredns-extras-1.12.1-bp156.4.6.5
References:
https://www.suse.com/security/cve/CVE-2024-51744.html
https://bugzilla.suse.com/1239294
https://bugzilla.suse.com/1239728
openSUSE-SU-2025:15010-1: moderate: ffmpeg-6-6.1.2-3.1 on GA media
# ffmpeg-6-6.1.2-3.1 on GA media
Announcement ID: openSUSE-SU-2025:15010-1
Rating: moderate
Cross-References:
* CVE-2023-22656
* CVE-2023-45221
* CVE-2023-47169
* CVE-2023-47282
* CVE-2023-48368
* CVE-2023-51793
* CVE-2023-51798
* CVE-2024-12361
* CVE-2024-35365
* CVE-2024-35368
* CVE-2025-0518
* CVE-2025-22919
* CVE-2025-22921
* CVE-2025-25473
CVSS scores:
* CVE-2023-22656 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-45221 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-47169 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-47282 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
* CVE-2023-48368 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2023-51793 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-51798 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-12361 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-12361 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-35365 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-35365 ( SUSE ): 2 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-35368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-0518 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-22919 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22919 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22921 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22921 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-25473 ( SUSE ): 0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2025-25473 ( SUSE ): 0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 14 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the ffmpeg-6-6.1.2-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * ffmpeg-6 6.1.2-3.1
  * ffmpeg-6-libavcodec-devel 6.1.2-3.1
  * ffmpeg-6-libavdevice-devel 6.1.2-3.1
  * ffmpeg-6-libavfilter-devel 6.1.2-3.1
  * ffmpeg-6-libavformat-devel 6.1.2-3.1
  * ffmpeg-6-libavutil-devel 6.1.2-3.1
  * ffmpeg-6-libpostproc-devel 6.1.2-3.1
  * ffmpeg-6-libswresample-devel 6.1.2-3.1
  * ffmpeg-6-libswscale-devel 6.1.2-3.1
  * libavcodec60 6.1.2-3.1
  * libavdevice60 6.1.2-3.1
  * libavfilter9 6.1.2-3.1
  * libavformat60 6.1.2-3.1
  * libavutil58 6.1.2-3.1
  * libpostproc57 6.1.2-3.1
  * libswresample4 6.1.2-3.1
  * libswscale7 6.1.2-3.1
## References:
* https://www.suse.com/security/cve/CVE-2023-22656.html
* https://www.suse.com/security/cve/CVE-2023-45221.html
* https://www.suse.com/security/cve/CVE-2023-47169.html
* https://www.suse.com/security/cve/CVE-2023-47282.html
* https://www.suse.com/security/cve/CVE-2023-48368.html
* https://www.suse.com/security/cve/CVE-2023-51793.html
* https://www.suse.com/security/cve/CVE-2023-51798.html
* https://www.suse.com/security/cve/CVE-2024-12361.html
* https://www.suse.com/security/cve/CVE-2024-35365.html
* https://www.suse.com/security/cve/CVE-2024-35368.html
* https://www.suse.com/security/cve/CVE-2025-0518.html
* https://www.suse.com/security/cve/CVE-2025-22919.html
* https://www.suse.com/security/cve/CVE-2025-22921.html
* https://www.suse.com/security/cve/CVE-2025-25473.html