[SECURITY] [DSA 6235-1] dnsdist security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6235-1] dnsdist security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 28 Apr 2026 19:03:59 +0000
Message-id: <afEEn2lp6YPFU9Ms@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-6235-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 28, 2026                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : dnsdist
CVE ID         : CVE-2026-0396 CVE-2026-0397 CVE-2026-24028 CVE-2026-24029
                 CVE-2026-24030 CVE-2026-27853 CVE-2026-27854 CVE-2026-33254
                 CVE-2026-33257 CVE-2026-33260 CVE-2026-33593 CVE-2026-33594
                 CVE-2026-33595 CVE-2026-33596 CVE-2026-33597 CVE-2026-33598
                 CVE-2026-33599 CVE-2026-33602

Multiple security vulnerabilities were discovered in the dnsdist DNS
loadbalancer, which could result in denial of service, information
disclosure or ACL bypass.

For the stable distribution (trixie), these problems have been fixed in
version 1.9.14-0+deb13u1.

We recommend that you upgrade your dnsdist packages.

For the detailed security status of dnsdist please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dnsdist

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Multiple vulnerabilities in the dnsdist DNS load balancer, including CVE-2026-24028 (CVSS 5.3), can lead to denial of service, information disclosure, or ACL bypass. Affected versions are dnsdist 1.9.0 through 1.9.11 and 2.0.0 through 2.0.2. The issues are fixed in versions 1.9.12 and 2.0.3, and Debian users should upgrade to dnsdist version 1.9.14-0+deb13u1.