Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:3530-1

Опубликовано: 27 окт. 2021
Источник: suse-cvrf

Описание

Security update for dnsmasq

This update for dnsmasq fixes the following issues:

Update to version 2.86

  • CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709)
  • CVE-2020-14312: Set --local-service by default (bsc#1173646).
  • Open inotify socket only when used (bsc#1180914).

Список пакетов

Container suse/sles/15.3/virt-launcher:0.45.0
dnsmasq-2.86-7.14.1
SUSE Enterprise Storage 6
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise Micro 5.0
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise Micro 5.1
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise Server 15 SP1-BCL
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise Server 15 SP1-LTSS
dnsmasq-2.86-7.14.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
dnsmasq-2.86-7.14.1

Ссылки

Описание

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Затронутые продукты
Container suse/sles/15.3/virt-launcher:0.45.0:dnsmasq-2.86-7.14.1
SUSE Enterprise Storage 6:dnsmasq-2.86-7.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dnsmasq-2.86-7.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dnsmasq-2.86-7.14.1
Ссылки

Описание

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Затронутые продукты
Container suse/sles/15.3/virt-launcher:0.45.0:dnsmasq-2.86-7.14.1
SUSE Enterprise Storage 6:dnsmasq-2.86-7.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dnsmasq-2.86-7.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dnsmasq-2.86-7.14.1
Ссылки