dnsmasq-2.76-2.el7.2

エラータID: AXSA:2017-2341:02

Release date: 
Monday, October 23, 2017 - 22:24
Subject: 
dnsmasq-2.76-2.el7.2
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server)
forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)

* A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)

* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493)

* An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)

* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)

* An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)

Asianux would like to thank Felix Wilhelm (Google Security Team), Fermin J.
Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin
Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for
reporting these issues.

CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via a crafted DNS response.
CVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via a crafted IPv6 router advertisement request.
CVE-2017-14493
Stack-based buffer overflow in dnsmasq before 2.78 allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via a crafted DHCPv6 request.
CVE-2017-14494
dnsmasq before 2.78, when configured as a relay, allows remote
attackers to obtain sensitive memory information via vectors involving
handling DHCPv6 forwarded requests.
CVE-2017-14495
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id
or --add-subnet option is specified, allows remote attackers to cause
a denial of service (memory consumption) via vectors involving DNS
response creation.
CVE-2017-14496
Integer underflow in the add_pseudoheader function in dnsmasq before
2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is
specified, allows remote attackers to cause a denial of service via a
crafted DNS request.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. dnsmasq-2.76-2.el7.2.src.rpm
    MD5: 889e958cb624bc979fd495c2e4b38c09
    SHA-256: 5ac35a65b0214eefa3f2f38773ef7636ca788d54e9cfdaf6049665e73ca7e16c
    Size: 718.38 kB

Asianux Server 7 for x86_64
  1. dnsmasq-2.76-2.el7.2.x86_64.rpm
    MD5: da50c6268d6d3bd3dd6598ed6566ff80
    SHA-256: 099a2494be0714b7fd4350d93649d524fb804c542c0ad1bfe86b678a0f8d86c0
    Size: 276.04 kB