ALT-BU-2024-12698-2
Branch sisyphus update bulletin.
Package aardvark-dns updated to version 1.12.2-alt1 for branch sisyphus in task 357552.
Closed vulnerabilities
Modified: 2024-09-13
BDU:2024-06718
Уязвимость DNS-сервера Aardvark-dns, связанная с неконтролируемым расходом ресурсов при открытом TCP-соединениz не ограниченного по времени, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-13
CVE-2024-8418
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime.
Modified: 2025-05-14
GHSA-g5jh-57wm-p79m
Missing connection timeout in Aardvark-dns
- https://nvd.nist.gov/vuln/detail/CVE-2024-8418
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
- https://github.com/containers/aardvark-dns/commit/aa109bbd6743abd7027e589cc4b871dd2dce7d50
- https://access.redhat.com/errata/RHSA-2025:7094
- https://access.redhat.com/security/cve/CVE-2024-8418
- https://bugzilla.redhat.com/show_bug.cgi?id=2309683
- https://github.com/containers/aardvark-dns
Package openvpn-auth-ldap updated to version 2.0.4-alt4 for branch sisyphus in task 357560.
Closed vulnerabilities
Modified: 2026-04-15
CVE-2024-28820
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.
Closed bugs
Для закрытия CVE-2024-28820 нужно пропатчить openvpn-cr.c (пакет openvpn-auth-ldap)