rpms/aardvark-dns
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Update aardvark-dns to 1.17.1 (CVE-2026-35406) #7

Merged
sbelikov merged 2 commits from update-aardvark-dns-1.17.1 into niceos-5.2 2026-04-28 17:49:32 +03:00
Conversation 0 Commits 2 Files changed 1 +8 -3
sbelikov commented 2026-04-28 17:42:39 +03:00
Owner
Copy link

Summary

This update upgrades aardvark-dns from 1.17.0 to 1.17.1 to address a critical security vulnerability.

Security Fix

  • CVE: CVE-2026-35406
  • Description: Fixed a security issue where TCP connections were not handled correctly when receiving a malformed packet, causing aardvark-dns to enter an infinite loop at 100% CPU usage, potentially leading to a Denial of Service (DoS) attack.
  • Affected Versions: Versions before v1.16.0 are unaffected; this patch applies to the current release line.

Changes

  • Updated Version in spec file to 1.17.1.
  • Updated Source0 and Source1 URLs to point to the new release.

Issue

Краткое описание (RU)

Это обновление повышает версию aardvark-dns с 1.17.0 до 1.17.1 для устранения критической уязвимости.

Исправление безопасности

  • CVE: CVE-2026-35406
  • Описание: Исправлена уязвимость, при которой некорректная обработка TCP-соединений при получении некорректного пакета приводила к бесконечному циклу с загрузкой CPU 100%, что могло вызвать отказ в обслуживании (DoS).
  • Влияние: Версии до v1.16.0 не затронуты; это исправление применяется к текущей ветке релизов.
## Summary This update upgrades `aardvark-dns` from 1.17.0 to 1.17.1 to address a critical security vulnerability. ### Security Fix - **CVE**: CVE-2026-35406 - **Description**: Fixed a security issue where TCP connections were not handled correctly when receiving a malformed packet, causing `aardvark-dns` to enter an infinite loop at 100% CPU usage, potentially leading to a Denial of Service (DoS) attack. - **Affected Versions**: Versions before v1.16.0 are unaffected; this patch applies to the current release line. ### Changes - Updated `Version` in spec file to `1.17.1`. - Updated `Source0` and `Source1` URLs to point to the new release. ## Issue - https://specs.niceos.ru/rpms/aardvark-dns/issues/6 --- ## Краткое описание (RU) Это обновление повышает версию `aardvark-dns` с 1.17.0 до 1.17.1 для устранения критической уязвимости. ### Исправление безопасности - **CVE**: CVE-2026-35406 - **Описание**: Исправлена уязвимость, при которой некорректная обработка TCP-соединений при получении некорректного пакета приводила к бесконечному циклу с загрузкой CPU 100%, что могло вызвать отказ в обслуживании (DoS). - **Влияние**: Версии до v1.16.0 не затронуты; это исправление применяется к текущей ветке релизов.
sbelikov merged commit a9cb4e0096 into niceos-5.2 2026-04-28 17:49:32 +03:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
ai-summary
Issue contains local NiceSOFT AI generated preliminary analysis

  
bot
Created by automation

  
needs-build
Needs build verification

  
needs-triage
Needs maintainer triage

  
priority/high
High priority

  
qwen-summary
Issue contains local AI-generated preliminary analysis

  
security-release
Release notes mention security fixes or CVE

  
update/major
Major update

  
update/patch
Patch-level update

  
upstream-update
New upstream version is available

  
upstream/github
GitHub upstream

No labels
ai-summary
bot
needs-build
needs-triage
priority/high
qwen-summary
security-release
update/major
update/patch
upstream-update
upstream/github
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
rpms/aardvark-dns!7
No description provided.