You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa dnsmasq

Sigurnosni nedostaci programskog paketa dnsmasq

==========================================================================
Ubuntu Security Notice USN-3430-1
October 02, 2017

dnsmasq vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Dnsmasq.

Software Description:
– dnsmasq: Small caching DNS proxy and DHCP/TFTP server

Details:

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2017-14491)

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A
remote attacker could use this issue to cause Dnsmasq to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2017-14492)

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote
attacker could use this issue to cause Dnsmasq to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2017-14493)

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote
attacker could use this issue to possibly obtain sensitive memory contents.
(CVE-2017-14494)

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to consume memory, resulting in a
denial of service. (CVE-2017-14495)

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher
discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker
could use this issue to cause Dnsmasq to crash, resulting in a denial of
service. (CVE-2017-14496)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
dnsmasq 2.76-5ubuntu0.1
dnsmasq-base 2.76-5ubuntu0.1
dnsmasq-utils 2.76-5ubuntu0.1

Ubuntu 16.04 LTS:
dnsmasq 2.75-1ubuntu0.16.04.3
dnsmasq-base 2.75-1ubuntu0.16.04.3
dnsmasq-utils 2.75-1ubuntu0.16.04.3

Ubuntu 14.04 LTS:
dnsmasq 2.68-1ubuntu0.2
dnsmasq-base 2.68-1ubuntu0.2
dnsmasq-utils 2.68-1ubuntu0.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3430-1
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,
CVE-2017-14495, CVE-2017-14496

Package Information:
https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1
https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZ0lcBAAoJEGVp2FWnRL6TJnsP/Rp1kq/hjKtoCshWgqx9WMyR
F7bt5lVZTZzVlLrQqAs3N19MpwMrP2Ro7gsS2wIIOv1FSKze3kvD9MwsSmWAa3iY
6q0MPCSfPE+pJ78aio3EcZlfk6JpXfmGotBfzTWoUhYbv29uywmJypFhmHeITrWZ
+Nj5xOvX4U8V7f8W4R4+//SHSf6ftuL2AWb0s7bFZketA27ftCmav+akXGz0yNQf
nXCpOwRWqAr5JTDOhfwRazoJKRSBbnEyIVsSLfkqZUhJ45CwgJrOXep/ZfAf33vK
CGtNk9H0NFLiD2k4IMyva2gFmau+cmq/4C9O5wtwpAkIftsX0TYW/OAP7Gw1BsFv
O9S99vetsTQROZJL90hewmu0z+U6fXnFRH8QgTsf8ovht5YXN+OUQWUb0+iyCTni
Yp5WsiClEJu/mbWvyNL+WFAAUQd+XUZzEpPwIA8EH72ZUNcYp/oCbGVYImhm3rmN
gXWyxOIP7rocj3XskhTmGCyfEUDgqHos3Mjvgb2Dm2gr9CQfVEM+vhDRKMnQAX4d
kcxpbWY3lETvgCvjY3mitOmVuZZk6cHK242YN0j9FD73NFUoQMk5Sqbyd7R/Gfgu
5fwiPch2fpdo8Z0rvSojy8bUmzHjd3/ZNjZ/0EXJx4rgkwxmWCqmJhHYAFQ8TJr8
8JVIlwWQjQ1TvFmkpy98
=XkG1
—–END PGP SIGNATURE—–

 

 

==========================================================================

Ubuntu Security Notice USN-3430-2

October 03, 2017

 

dnsmasq vulnerabilities

==========================================================================

 

A security issue affects these releases of Ubuntu and its derivatives:

 

– Ubuntu 12.04 ESM

 

Summary:

 

Several security issues were fixed in Dnsmasq.

 

Software Description:

– dnsmasq: Small caching DNS proxy and DHCP/TFTP server

 

Details:

 

USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update

provides the corresponding update for Ubuntu 12.04 ESM.

 

Original advisory details:

 

 Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher

 discovered that Dnsmasq incorrectly handled DNS requests. A remote

 attacker could use this issue to cause Dnsmasq to crash, resulting in

 a denial of service, or possibly execute arbitrary code. 

 (CVE-2017-14491)

 

 Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher

 discovered that Dnsmasq incorrectly handled IPv6 router

 advertisements. A remote attacker could use this issue to cause

 Dnsmasq to crash, resulting in a denial of service, or possibly

 execute arbitrary code. (CVE-2017-14492)

 

 Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher

 discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote

 attacker could use this issue to cause Dnsmasq to crash, resulting in

 a denial of service, or possibly execute arbitrary code. 

 (CVE-2017-14493)

 

 Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher

 discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote

 attacker could use this issue to possibly obtain sensitive memory

 contents. (CVE-2017-14494)

 

 Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher

 discovered that Dnsmasq incorrectly handled DNS requests. A remote

 attacker could use this issue to cause Dnsmasq to consume memory,

 resulting in a denial of service. (CVE-2017-14495)

 

 Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher

 discovered that Dnsmasq incorrectly handled DNS requests. A remote

 attacker could use this issue to cause Dnsmasq to crash, resulting in

 a denial of service. (CVE-2017-14496)

 

Update instructions:

 

The problem can be corrected by updating your system to the following

package versions:

 

Ubuntu 12.04 ESM:

  dnsmasq                         2.59-4ubuntu0.3

  dnsmasq-base                    2.59-4ubuntu0.3

  dnsmasq-utils                   2.59-4ubuntu0.3

 

After a standard system update you need to reboot your computer to make

all the necessary changes.

 

References:

  https://www.ubuntu.com/usn/usn-3430-2

  https://www.ubuntu.com/usn/usn-3430-1

  CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,

  CVE-2017-14495, CVE-2017-14496

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v2

 

iQIcBAABCAAGBQJZ04b6AAoJEEW851uECx9pFlQP/iyLBrVH+NZ1KY6YCNA0NZ+N

9PbVu/PAAdHw291U1HZaIsO6m3F0k8uQrZMCM+Spxew4qk3ABv42YtmQJLBV9dlz

KdhFuU6tAgUEWMsrY14VV4ly4YJh/ZriYpu6kOreKWx4H3/BhIYeiDIsstg+k+lx

f6AuNsdq+6qERpaXuX5RzgH5E2ho3BXdneWwWL9wsr/mA/4/134xfp7JGzmBKMeB

oxV22vDXyKqP03sM7TkNcQh8GQYfGqAcNxSTSFr1m/8wMynA2CejrvzuAWt2Hngp

jx+PJiukywc/egdTdBoo5tTOBmsKWob27fHelyBP5agWQ80clW+d6B/67OcDl6bM

f9qcMpzvUvLAXyeDR4ORxHEAxOtLBbEXbCarM5xprs6RVrqYPsBkMMCdF33m7XzB

tzoe+yIENhMvYVr5rgGfivb1jNEJnVRaSo0ynSjnWfZPqnAYMQqOLcBDMP47kcJD

sIPv3EdTRdoptf40zs1CUjHMnFO6Xvlhkvl0Z4iOoMUIJ34vfsrLB7Tx8tXLd3nH

ygKFTruQxOwe5eJtT6DN9r4nkXuPe8OXAuylLBx9PUGT8QDVkJssaTMxm1K4u5P9

IHkgNnBGDiUampGzCo+xfWrHF5SbLEfEJvzPPQrM8MaggDC5qyUd6+Q/O87Qw+jT

1JzFFwGTO0ffiQjcW7e2

=VbmM

—–END PGP SIGNATURE—–

– 

 
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa nss

Otkriven je sigurnosni nedostatak u programskom paketu nss za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanjem...

Close