Description
Security update for dnsmasq
This update for dnsmasq fixes the following security issues:
- CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
- CVE-2017-14492: heap based overflow. [bsc#1060355]
- CVE-2017-14493: stack based overflow. [bsc#1060360]
- CVE-2017-14494: DHCP - info leak. [bsc#1060361]
- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
- CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]
This update brings a (small) potential incompatibility in the handling of 'basename' in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.
Package list
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
References
- Link for SUSE-SU-2017:2619-1
- E-Mail link for SUSE-SU-2017:2619-1
- SUSE Security Ratings
- SUSE Bug 1060354
- SUSE Bug 1060355
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE CVE CVE-2015-3294 page
- SUSE CVE CVE-2015-8899 page
- SUSE CVE CVE-2017-14491 page
- SUSE CVE CVE-2017-14492 page
- SUSE CVE CVE-2017-14493 page
- SUSE CVE CVE-2017-14494 page
- SUSE CVE CVE-2017-14495 page
- SUSE CVE CVE-2017-14496 page
Description
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
Affected products
References
- CVE-2015-3294
- SUSE Bug 923144
- SUSE Bug 928867
Description
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
Affected products
References
- CVE-2015-8899
- SUSE Bug 983273
Description
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Affected products
References
- CVE-2017-14491
- SUSE Bug 1060354
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE Bug 1063832
- SUSE Bug 1143944
Description
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
Affected products
References
- CVE-2017-14492
- SUSE Bug 1060355
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE Bug 1063832
Description
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
Affected products
References
- CVE-2017-14493
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
- SUSE Bug 1063832
Description
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
Affected products
References
- CVE-2017-14494
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
Description
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
Affected products
References
- CVE-2017-14495
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364
Description
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
Affected products
References
- CVE-2017-14496
- SUSE Bug 1060360
- SUSE Bug 1060361
- SUSE Bug 1060362
- SUSE Bug 1060364