Univention Bugzilla – Bug 45617
dnsmasq: Denial of service (4.2)
Last modified: 2017-11-08 14:59:12 CET
Upstream Debian package version 2.72-3+deb8u2 fixes:
* Heap-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response (CVE-2017-14491)
* Heap-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request (CVE-2017-14492)
* Stack-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request (CVE-2017-14493)
* When configured as a relay, dnsmasq allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests (CVE-2017-14494)
* Memory leak, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation (CVE-2017-14495)
* Integer underflow in the add_pseudoheader function, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request (CVE-2017-14496)
Package imported via debmirror. Advisory: dnsmasq.yaml
package not found in ucs_4.2-0-errata4.2-2
Fixed.
OK - dnsmasq
dnsmasq -d -q
dnsmasq: gestartet, Version 2.72, Cachegröße 150
dnsmasq: Übersetzungsoptionen: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
dnsmasq: lese /etc/resolv.conf
dnsmasq: ignoriere Namensserver 10.200.7.50 - lokale Schnittstelle
dnsmasq: Benutze Namensserver 192.168.0.3#53
dnsmasq: /etc/hosts gelesen - 7 Adressen
dnsmasq: query[A] ping.de from 10.200.7.50
dnsmasq: forwarded ping.de to 192.168.0.3
dnsmasq: reply ping.de is 83.97.42.2
OK - sec patches
OK - YAML
<http://errata.software-univention.de/ucs/4.2/211.html>