Bug 45617 - dnsmasq: Denial of service (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.2
Hardware: Other Linux
Importance: P4 normal
Target Milestone: UCS 4.2-2-errata
Assigned To: Arvid Requate
QA Contact: Felix Botner
Depends on:
Blocks: 38379
Reported: 2017-10-30 17:41 CET by Arvid Requate
Modified: 2017-11-08 14:59 CET
What kind of report is it?: Security Issue
Bug group (optional): Security
Max CVSS v3 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
requate: Patch_Available+


Description Arvid Requate univentionstaff 2017-10-30 17:41:42 CET
Upstream Debian package version 2.72-3+deb8u2 fixes:

* Heap-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response (CVE-2017-14491)
* Heap-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request (CVE-2017-14492)
* Stack-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request (CVE-2017-14493)
* When configured as a relay, dnsmasq allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests (CVE-2017-14494)
* Memory leak, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation (CVE-2017-14495)
* Integer underflow in the add_pseudoheader function, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request (CVE-2017-14496)
Comment 1 Arvid Requate univentionstaff 2017-10-30 18:38:24 CET
Package imported via debmirror.

Advisory: dnsmasq.yaml
Comment 2 Felix Botner univentionstaff 2017-11-01 16:40:32 CET
package not found in ucs_4.2-0-errata4.2-2
Comment 3 Arvid Requate univentionstaff 2017-11-01 16:49:40 CET
Fixed.
Comment 4 Felix Botner univentionstaff 2017-11-01 17:21:37 CET
OK -  dnsmasq
dnsmasq -d -q
dnsmasq: gestartet, Version 2.72, Cachegröße 150
dnsmasq: Übersetzungsoptionen: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
dnsmasq: lese /etc/resolv.conf
dnsmasq: ignoriere Namensserver 10.200.7.50 - lokale Schnittstelle
dnsmasq: Benutze Namensserver 192.168.0.3#53
dnsmasq: /etc/hosts gelesen - 7 Adressen
dnsmasq: query[A] ping.de from 10.200.7.50
dnsmasq: forwarded ping.de to 192.168.0.3
dnsmasq: reply ping.de is 83.97.42.2

OK - sec patches

OK - YAML
Comment 5 Arvid Requate univentionstaff 2017-11-08 14:59:12 CET
<http://errata.software-univention.de/ucs/4.2/211.html>