==========================================================================
Ubuntu Security Notice USN-3430-1
October 02, 2017
dnsmasq vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Dnsmasq.
Software Description:
– dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2017-14491)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A
remote attacker could use this issue to cause Dnsmasq to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote
attacker could use this issue to possibly obtain sensitive memory contents.
(CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to consume memory, resulting in a
denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to crash, resulting in a denial of
service. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
dnsmasq 2.76-5ubuntu0.1
dnsmasq-base 2.76-5ubuntu0.1
dnsmasq-utils 2.76-5ubuntu0.1
Ubuntu 16.04 LTS:
dnsmasq 2.75-1ubuntu0.16.04.3
dnsmasq-base 2.75-1ubuntu0.16.04.3
dnsmasq-utils 2.75-1ubuntu0.16.04.3
Ubuntu 14.04 LTS:
dnsmasq 2.68-1ubuntu0.2
dnsmasq-base 2.68-1ubuntu0.2
dnsmasq-utils 2.68-1ubuntu0.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3430-1
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,
CVE-2017-14495, CVE-2017-14496
Package Information:
https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1
https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJZ0lcBAAoJEGVp2FWnRL6TJnsP/Rp1kq/hjKtoCshWgqx9WMyR
F7bt5lVZTZzVlLrQqAs3N19MpwMrP2Ro7gsS2wIIOv1FSKze3kvD9MwsSmWAa3iY
6q0MPCSfPE+pJ78aio3EcZlfk6JpXfmGotBfzTWoUhYbv29uywmJypFhmHeITrWZ
+Nj5xOvX4U8V7f8W4R4+//SHSf6ftuL2AWb0s7bFZketA27ftCmav+akXGz0yNQf
nXCpOwRWqAr5JTDOhfwRazoJKRSBbnEyIVsSLfkqZUhJ45CwgJrOXep/ZfAf33vK
CGtNk9H0NFLiD2k4IMyva2gFmau+cmq/4C9O5wtwpAkIftsX0TYW/OAP7Gw1BsFv
O9S99vetsTQROZJL90hewmu0z+U6fXnFRH8QgTsf8ovht5YXN+OUQWUb0+iyCTni
Yp5WsiClEJu/mbWvyNL+WFAAUQd+XUZzEpPwIA8EH72ZUNcYp/oCbGVYImhm3rmN
gXWyxOIP7rocj3XskhTmGCyfEUDgqHos3Mjvgb2Dm2gr9CQfVEM+vhDRKMnQAX4d
kcxpbWY3lETvgCvjY3mitOmVuZZk6cHK242YN0j9FD73NFUoQMk5Sqbyd7R/Gfgu
5fwiPch2fpdo8Z0rvSojy8bUmzHjd3/ZNjZ/0EXJx4rgkwxmWCqmJhHYAFQ8TJr8
8JVIlwWQjQ1TvFmkpy98
=XkG1
—–END PGP SIGNATURE—–
—
==========================================================================
Ubuntu Security Notice USN-3430-2
October 03, 2017
dnsmasq vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Dnsmasq.
Software Description:
– dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in
a denial of service, or possibly execute arbitrary code.
(CVE-2017-14491)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled IPv6 router
advertisements. A remote attacker could use this issue to cause
Dnsmasq to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in
a denial of service, or possibly execute arbitrary code.
(CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote
attacker could use this issue to possibly obtain sensitive memory
contents. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote
attacker could use this issue to cause Dnsmasq to consume memory,
resulting in a denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in
a denial of service. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
dnsmasq 2.59-4ubuntu0.3
dnsmasq-base 2.59-4ubuntu0.3
dnsmasq-utils 2.59-4ubuntu0.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3430-2
https://www.ubuntu.com/usn/usn-3430-1
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,
CVE-2017-14495, CVE-2017-14496
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJZ04b6AAoJEEW851uECx9pFlQP/iyLBrVH+NZ1KY6YCNA0NZ+N
9PbVu/PAAdHw291U1HZaIsO6m3F0k8uQrZMCM+Spxew4qk3ABv42YtmQJLBV9dlz
KdhFuU6tAgUEWMsrY14VV4ly4YJh/ZriYpu6kOreKWx4H3/BhIYeiDIsstg+k+lx
f6AuNsdq+6qERpaXuX5RzgH5E2ho3BXdneWwWL9wsr/mA/4/134xfp7JGzmBKMeB
oxV22vDXyKqP03sM7TkNcQh8GQYfGqAcNxSTSFr1m/8wMynA2CejrvzuAWt2Hngp
jx+PJiukywc/egdTdBoo5tTOBmsKWob27fHelyBP5agWQ80clW+d6B/67OcDl6bM
f9qcMpzvUvLAXyeDR4ORxHEAxOtLBbEXbCarM5xprs6RVrqYPsBkMMCdF33m7XzB
tzoe+yIENhMvYVr5rgGfivb1jNEJnVRaSo0ynSjnWfZPqnAYMQqOLcBDMP47kcJD
sIPv3EdTRdoptf40zs1CUjHMnFO6Xvlhkvl0Z4iOoMUIJ34vfsrLB7Tx8tXLd3nH
ygKFTruQxOwe5eJtT6DN9r4nkXuPe8OXAuylLBx9PUGT8QDVkJssaTMxm1K4u5P9
IHkgNnBGDiUampGzCo+xfWrHF5SbLEfEJvzPPQrM8MaggDC5qyUd6+Q/O87Qw+jT
1JzFFwGTO0ffiQjcW7e2
=VbmM
—–END PGP SIGNATURE—–
–
