Univention Bugzilla – Bug 53001
dnsmasq: Multiple issues (4.4)
Last modified: 2021-03-31 18:36:55 CEST
New Debian dnsmasq 2.76-5+deb9u3 fixes:

This update addresses the following issues:
* heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)
* buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)
* heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)
* loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
* heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)
--- mirror/ftp/4.3/unmaintained/4.3-3/source/dnsmasq_2.76-5+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/dnsmasq_2.76-5+deb9u3.dsc @@ -1,3 +1,15 @@ +2.76-5+deb9u3 [Sat, 20 Mar 2021 15:14:01 +0100] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: a + heap-based buffer overflow was discovered in dnsmasq when DNSSEC is + enabled. All are fixed with the same patch. + * CVE-2020-25684: allows an off-path (non-MITM) attacker to attempt a + DNS Cache Poisoning attack. If chained with CVE-2020-25685 or + CVE-2020-25686, the attack complexity of a successful attack is + reduced. (CVE-2020-25685 and CVE-2020-25686 are not fixed in this + version, see security-tracker.debian.org.) + 2.76-5+deb9u2 [Wed, 10 Oct 2018 08:52:32 +0200] Santiago Ruano Rincón <santiagorr@riseup.net>: * Non-maintainer upload. <http://piuparts.knut.univention.de/4.4-7/#7827617755780592282>
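Review bot: the added 2.76-5+deb9u3 changelog entry says CVE-2020-25685 and CVE-2020-25686 are not fixed in this version, but the issue list given for this update names only the five fixed CVEs. Because the same entry notes that chaining with either of those two reduces the complexity of the CVE-2020-25684 cache poisoning attack, the erratum text should state that both remain open in this package, so the update is not read as closing the whole set.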
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] e8f8f4bd45 Bug #53001: dnsmasq 2.76-5+deb9u3
 doc/errata/staging/dnsmasq.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x937>