Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:2618-1

Опубликовано: 02 окт. 2017
Источник: suse-cvrf

Описание

Security update for dnsmasq

This update for dnsmasq fixes the following security issues:

  • CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
  • CVE-2017-14492: heap based overflow. [bsc#1060355]
  • CVE-2017-14493: stack based overflow. [bsc#1060360]
  • CVE-2017-14494: DHCP - info leak. [bsc#1060361]
  • CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
  • CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12 SP3
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP2
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP3
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dnsmasq-2.78-18.3.1
SUSE OpenStack Cloud 6
dnsmasq-2.78-18.3.1
dnsmasq-utils-2.78-18.3.1
SUSE OpenStack Cloud 7
dnsmasq-utils-2.78-18.3.1

Ссылки

Описание

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12 SP3:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP2:dnsmasq-2.78-18.3.1
Ссылки

Описание

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12 SP3:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP2:dnsmasq-2.78-18.3.1
Ссылки

Описание

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12 SP3:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP2:dnsmasq-2.78-18.3.1
Ссылки

Описание

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12 SP3:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP2:dnsmasq-2.78-18.3.1
Ссылки

Описание

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12 SP3:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP2:dnsmasq-2.78-18.3.1
Ссылки

Описание

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Desktop 12 SP3:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:dnsmasq-2.78-18.3.1
SUSE Linux Enterprise Server 12 SP2:dnsmasq-2.78-18.3.1
Ссылки
Уязвимость SUSE-SU-2017:2618-1