Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:2633-1

Опубликовано: 02 окт. 2017
Источник: suse-cvrf

Описание

Security update for dnsmasq

This update for dnsmasq fixes the following security issues:

  • CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
  • CVE-2017-14492: heap based overflow. [bsc#1060355]
  • CVE-2017-14493: stack based overflow. [bsc#1060360]
  • CVE-2017-14494: DHCP - info leak. [bsc#1060361]
  • CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
  • CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Список пакетов

openSUSE Leap 42.2
dnsmasq-2.78-13.1
dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3
dnsmasq-2.78-13.1
dnsmasq-utils-2.78-13.1

Ссылки

Описание

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Затронутые продукты
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
Ссылки

Описание

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

Затронутые продукты
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
Ссылки

Описание

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Затронутые продукты
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
Ссылки

Описание

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

Затронутые продукты
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
Ссылки

Описание

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

Затронутые продукты
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
Ссылки

Описание

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

Затронутые продукты
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
Ссылки
Уязвимость openSUSE-SU-2017:2633-1