SUSE Releases Fix for SADDNS Vulnerability
Security researchers from University of California and Tsinghua University have identified a new variant of DNS cache poisoning attacks called SADDNS (“Side-channel AttackeD DNS”) due to newly identified side channel attack against ICMP replies.
This reappearance of the DNS cache poisoning attack allows remote attackers to pretend to be different hosts, if your host is reachable from the Internet, allowing person-in-the-middle against encrypted communication or software delivery.
SUSE is delivering Linux Kernel Updates to again mitigate the SADDNS attack.
SUSE also recommends to use DNSSEC, which in general avoids this kind of attack.
SADDNS, while potentially serious to unpatched systems, poses little danger to those who keep their SUSE product patched and up to date. We are releasing fixes and updates to all affected versions, eliminating the potential for disruption.
If you have any questions or concerns, please reach out to your SUSE contact. Security and reliability continue to be top priorities for SUSE because they are top priorities for our customers and partners. And as always, customers and partners come first.