Description
Security update for dnsmasq
This update for dnsmasq fixes the following security issues:
- CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
- CVE-2017-14492: heap based overflow. [bsc#1060355]
- CVE-2017-14493: stack based overflow. [bsc#1060360]
- CVE-2017-14494: DHCP - info leak. [bsc#1060361]
- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
- CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]
This update brings a (small) potential incompatibility in the handling of 'basename' in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
References
- Link for SUSE-SU-2017:2617-1
- E-Mail link for SUSE-SU-2017:2617-1
- SUSE Security Ratings
- SUSE Bug 1060354
- SUSE Bug 1060355
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE CVE CVE-2015-3294 page
- SUSE CVE CVE-2015-8899 page
- SUSE CVE CVE-2017-14491 page
- SUSE CVE CVE-2017-14492 page
- SUSE CVE CVE-2017-14493 page
- SUSE CVE CVE-2017-14494 page
- SUSE CVE CVE-2017-14495 page
- SUSE CVE CVE-2017-14496 page
Description
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
Affected products
References
- CVE-2015-3294
- SUSE Bug 923144
- SUSE Bug 928867
Description
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
Affected products
References
- CVE-2015-8899
- SUSE Bug 983273
Description
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Affected products
References
- CVE-2017-14491
- SUSE Bug 1060354
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE Bug 1063832
- SUSE Bug 1143944
Description
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
Affected products
References
- CVE-2017-14492
- SUSE Bug 1060355
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE Bug 1063832
Description
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
Affected products
References
- CVE-2017-14493
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE Bug 1063832
Description
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
Affected products
References
- CVE-2017-14494
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
Description
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
Affected products
References
- CVE-2017-14495
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
Description
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
Affected products
References
- CVE-2017-14496
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364