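--- a/SPECS/coredns/CVE-2026-26017.patch
+++ b/SPECS/coredns/CVE-2026-26017.patch
@@ -0,0 +1,71 @@
+From e4b9a976441491881377947a200f414c7961e936 Mon Sep 17 00:00:00 2001
+From: younevsky <younevsky@gmail.com>
+Date: Wed, 25 Feb 2026 00:34:31 +0000
+Subject: [PATCH] plugin: reorder rewrite before acl to prevent bypass
+
+Signed-off-by: younevsky <younevsky@gmail.com>
+
+Upstream Patch reference: https://github.com/coredns/coredns/pull/7882.patch
+
+Makefile target for the two z*.go files depends on plugin.cfg.
+So the change in plugin.cfg will trigger the rebuild of the two z*.go files.
+---
+plugin.cfg | 2 +-
+core/dnsserver/zdirectives.go | 2 +-
+core/plugin/zplugin.go | 2 +-
+3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/plugin.cfg b/plugin.cfg
+index 081a57e..42b5414 100644
+--- a/plugin.cfg
++++ b/plugin.cfg
+@@ -43,13 +43,13 @@ log:log
+dnstap:dnstap
+local:local
+dns64:dns64
+-acl:acl
+any:any
+chaos:chaos
+loadbalance:loadbalance
+tsig:tsig
+cache:cache
+rewrite:rewrite
++acl:acl
+header:header
+dnssec:dnssec
+autopath:autopath
+diff --git a/core/dnsserver/zdirectives.go b/core/dnsserver/zdirectives.go
+index bc4b086..66e2aec 100644
+--- a/core/dnsserver/zdirectives.go
++++ b/core/dnsserver/zdirectives.go
+@@ -34,13 +34,13 @@ var Directives = []string{
+"dnstap",
+"local",
+"dns64",
+- "acl",
+"any",
+"chaos",
+"loadbalance",
+"tsig",
+"cache",
+"rewrite",
++ "acl",
+"header",
+"dnssec",
+"autopath",
+diff --git a/core/plugin/zplugin.go b/core/plugin/zplugin.go
+index a357ddc..aa9d009 100644
+--- a/core/plugin/zplugin.go
++++ b/core/plugin/zplugin.go
+@@ -3,7 +3,7 @@
+package plugin
+
+import (
+- // Include all plugins.
++ // Include all the plugins.
+_ "github.com/coredns/caddy/onevent"
+_ "github.com/coredns/coredns/plugin/acl"
+_ "github.com/coredns/coredns/plugin/any"
+--
+2.43.0
+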
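Review bot: In the plugin.cfg and zdirectives.go hunks, moving `acl` below `rewrite` also places it below `any`, `chaos`, `loadbalance`, `tsig` and `cache`, and nothing in the patch says why that is safe. The fix itself relies on list order being evaluation order, so a plugin now ahead of `acl` that answers without calling the next handler (a `cache` hit, presumably) would reply before the ACL is consulted; that behaviour is inferred, not visible on this page. I would add a regression test for a server block that combines an `acl` block rule with `cache`, and record the intent in the patch description, e.g. `acl must stay after rewrite so rules match the rewritten name; cache/any/chaos ahead of acl reviewed and intended`. The zplugin.go hunk only rewords a comment, and the `Directives` slice starts and ends outside the hunk.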
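--- a/SPECS/coredns/CVE-2026-26018.patch
+++ b/SPECS/coredns/CVE-2026-26018.patch
@@ -0,0 +1,61 @@
+From 02391769e4f3eff1d5bace4c82505c213b495625 Mon Sep 17 00:00:00 2001
+From: YOUNEVSKY <77975903+younevsky@users.noreply.github.com>
+Date: Wed, 25 Feb 2026 10:21:04 +0000
+Subject: [PATCH] plugin/loop: use crypto/rand for query name generation
+(#7881)
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://github.com/coredns/coredns/commit/7ae1c40db200a29d8160707bcffb232c53a2005c.patch
+---
+plugin/loop/setup.go | 19 ++++++++++++++-----
+1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/plugin/loop/setup.go b/plugin/loop/setup.go
+index 4e076c6..5d9d5b5 100644
+--- a/plugin/loop/setup.go
++++ b/plugin/loop/setup.go
+@@ -1,6 +1,8 @@
+package loop
+
+import (
++ "crypto/rand"
++ "math/big"
+"net"
+"strconv"
+"time"
+@@ -9,7 +11,6 @@ import (
+"github.com/coredns/coredns/core/dnsserver"
+"github.com/coredns/coredns/plugin"
+"github.com/coredns/coredns/plugin/pkg/dnsutil"
+- "github.com/coredns/coredns/plugin/pkg/rand"
+)
+
+func init() { plugin.Register("loop", setup) }
+@@ -76,12 +77,20 @@ func parse(c *caddy.Controller) (*Loop, error) {
+return New(zones[0]), nil
+}
+
+-// qname returns a random name. <rand.Int()>.<rand.Int().<zone>.
++// qname returns a secure random name: <random-int>.<random-int>.<zone>.
+func qname(zone string) string {
+- l1 := strconv.Itoa(r.Int())
+- l2 := strconv.Itoa(r.Int())
++ l1 := secureRandIntString()
++ l2 := secureRandIntString()
+
+return dnsutil.Join(l1, l2, zone)
+}
+
+-var r = rand.New(time.Now().UnixNano())
++func secureRandIntString() string {
++ // Generate a random 62-bit integer
++ n, err := rand.Int(rand.Reader, big.NewInt(1<<62))
++ if err != nil {
++ // Fallback to startup time in case rand.Reader is unavailable
++ return strconv.FormatInt(time.Now().UnixNano(), 10)
++ }
++ return n.String()
++}
+--
+2.45.4
+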
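Review bot: The error branch of `secureRandIntString` returns `time.Now().UnixNano()`, so if `rand.Reader` ever fails, both qname labels silently become clock values, which is the predictability this patch is meant to remove. The comment calls it "startup time", but the clock is read on every call. Because `qname` can only return a string, the smallest change is to make that failure visible instead of degrading quietly: log it, or stop with `panic("loop: crypto/rand unavailable: " + err.Error())` in place of the fallback return. Either option diverges from the upstream commit, so it is worth raising there too. The helper also lacks a doc comment; `// secureRandIntString returns the decimal form of a uniform value in [0, 2^62) read from crypto/rand.` would fit.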
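--- a/SPECS/coredns/coredns.spec
+++ b/SPECS/coredns/coredns.spec
@@ -3,7 +3,7 @@
 Summary: Fast and flexible DNS server
 Name: coredns
 Version: 1.11.1
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: Apache License 2.0
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -49,6 +49,8 @@ Patch13: CVE-2025-47950.patch
 Patch14: CVE-2025-58063.patch
 Patch15: CVE-2025-59530.patch
 Patch16: CVE-2025-68151.patch
+Patch17: CVE-2026-26017.patch
+Patch18: CVE-2026-26018.patch
 
 BuildRequires: msft-golang
 
@@ -87,6 +89,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name}
 %{_bindir}/%{name}
 
 %changelog
+* Wed Mar 11 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.11.1-26
+- Patch for CVE-2026-26018, CVE-2026-26017
+
 * Mon Jan 19 2026 Aditya Singh <v-aditysing@microsoft.com> - 1.11.1-25
 - Patch for CVE-2025-68151
 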