dnsmasq-2.48-18.AXS4

エラータID: AXSA:2017-2307:01

Release date: 
Monday, October 9, 2017 - 23:14
Subject: 
dnsmasq-2.48-18.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server)
forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)

Asianux would like to thank Felix Wilhelm (Google Security Team), Fermin J.
Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin
Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for
reporting this issue.

CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via a crafted DNS response.

Solution: 

Update packages.

CVEs: 
CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Additional Info: 

N/A

Download: 

SRPMS
  1. dnsmasq-2.48-18.AXS4.src.rpm
    MD5: 33bb6d608f88c6fa43b37d86a42c4aab
    SHA-256: 1ab0506b808bf8b768d432834b617e0781da0b227c40e3affe1fde3fe8eb8c48
    Size: 315.97 kB

Asianux Server 4 for x86
  1. dnsmasq-2.48-18.AXS4.i686.rpm
    MD5: 07c57c8894ebd96b5e1f9b15f8574b32
    SHA-256: c3ae14c0d427650c0a3f8ad075df8a3c059289265cb5b47100b9ff258bc9623c
    Size: 145.61 kB

Asianux Server 4 for x86_64
  1. dnsmasq-2.48-18.AXS4.x86_64.rpm
    MD5: b5defffbd69c790eb3eb74ffd124621c
    SHA-256: 5f1e8a0bac58268f0f2722968773e5125b09df7b634459e8242a100e7f50e9c9
    Size: 148.98 kB