Bug 45617

Summary: dnsmasq: Denial of service (4.2)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Arvid Requate <requate>
Status: CLOSED FIXED
QA Contact: Felix Botner <botner>
Severity: normal
Priority: P4
CC: jmm
Version: UCS 4.2
Flags: requate: Patch_Available+
Target Milestone: UCS 4.2-2-errata
Hardware: Other
OS: Linux
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
Bug group (optional): Security
Max CVSS v3 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Bug Blocks: 38379

Description Arvid Requate univentionstaff 2017-10-30 17:41:42 CET
Upstream Debian package version 2.72-3+deb8u2 fixes:

* Heap-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response (CVE-2017-14491)
* Heap-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request (CVE-2017-14492)
* Stack-based buffer overflow allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request (CVE-2017-14493)
* When configured as a relay, dnsmasq allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests (CVE-2017-14494)
* Memory leak, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation (CVE-2017-14495)
* Integer underflow in the add_pseudoheader function, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request (CVE-2017-14496)
Comment 1 Arvid Requate univentionstaff 2017-10-30 18:38:24 CET
Package imported via debmirror.

Advisory: dnsmasq.yaml
Comment 2 Felix Botner univentionstaff 2017-11-01 16:40:32 CET
package not found in ucs_4.2-0-errata4.2-2
Comment 3 Arvid Requate univentionstaff 2017-11-01 16:49:40 CET
Fixed.
Comment 4 Felix Botner univentionstaff 2017-11-01 17:21:37 CET
OK - dnsmasq
dnsmasq -d -q
dnsmasq: gestartet, Version 2.72, Cachegröße 150
dnsmasq: Übersetzungsoptionen: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
dnsmasq: lese /etc/resolv.conf
dnsmasq: ignoriere Namensserver 10.200.7.50 - lokale Schnittstelle
dnsmasq: Benutze Namensserver 192.168.0.3#53
dnsmasq: /etc/hosts gelesen - 7 Adressen
dnsmasq: query[A] ping.de from 10.200.7.50
dnsmasq: forwarded ping.de to 192.168.0.3
dnsmasq: reply ping.de is 83.97.42.2

OK - sec patches

OK - YAML
Comment 5 Arvid Requate univentionstaff 2017-11-08 14:59:12 CET
<http://errata.software-univention.de/ucs/4.2/211.html>