Описание
Security update for dnsmasq
This update for dnsmasq fixes the following issues:
Security issues fixed:
- CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849)
- CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958).
Other issues addressed:
- Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543).
- Removed cache size limit (bsc#1138743).
- Included config files from /etc/dnsmasq.d/*.conf (bsc#1152539).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
dnsmasq-2.78-3.8.1
Ссылки
- Link for SUSE-SU-2019:3188-1
- E-Mail link for SUSE-SU-2019:3188-1
- SUSE Security Ratings
- SUSE Bug 1076958
- SUSE Bug 1138743
- SUSE Bug 1152539
- SUSE Bug 1154849
- SUSE Bug 1156543
- SUSE CVE CVE-2017-15107 page
- SUSE CVE CVE-2019-14834 page
Описание
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:dnsmasq-2.78-3.8.1
Ссылки
- CVE-2017-15107
- SUSE Bug 1076958
Описание
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:dnsmasq-2.78-3.8.1
Ссылки
- CVE-2019-14834
- SUSE Bug 1154849