dnsmasq-2.85-14.el9_3.1

Errata ID: AXSA:2024-7618:01

Release date: 
Tuesday, March 19, 2024 - 10:41
Subject: 
dnsmasq-2.85-14.el9_3.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.

Security Fix(es):

* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)

* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. dnsmasq-2.85-14.el9_3.1.src.rpm
    MD5: 8e42b9ea86241a9d2c2b7d93b7b6c3a8
    SHA-256: 7d392517344b30eacaffd8dd81c7e6a3f252f54a49a9b0f5851afa126f4b5488
    Size: 576.64 kB

Asianux Server 9 for x86_64
  1. dnsmasq-2.85-14.el9_3.1.x86_64.rpm
    MD5: 5c83e74e5f36fa305ea5f075323c9384
    SHA-256: 0298fb15ec391fd160559f50d3879888786b2b213fe7d01ba3da8e75a7f8c912
    Size: 329.60 kB
  2. dnsmasq-utils-2.85-14.el9_3.1.x86_64.rpm
    MD5: 4bd6de8cd5ebc5e04ba430b9c46bdda6
    SHA-256: 4072174fbb539e04bde0ca8c22e09b1367f5f4bdd8bb43289479439a6e0aaac4
    Size: 38.45 kB