Описание
Security update for dnsmasq
This update for dnsmasq fixes the following issues:
- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709).
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872).
Non-security fixes:
- Removed cache size limit (bsc#1138743).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
Ссылки
- Link for SUSE-SU-2022:14940-1
- E-Mail link for SUSE-SU-2022:14940-1
- SUSE Security Ratings
- SUSE Bug 1138743
- SUSE Bug 1183709
- SUSE Bug 1197872
- SUSE CVE CVE-2021-3448 page
- SUSE CVE CVE-2022-0934 page
Описание
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Затронутые продукты
Ссылки
- CVE-2021-3448
- SUSE Bug 1183709
Описание
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
Затронутые продукты
Ссылки
- CVE-2022-0934
- SUSE Bug 1197872