Security update for dnsmasq
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2015:0857-1
Final
1
1
2015-04-28T12:13:24Z
current
2015-04-28T12:13:24Z
2015-04-28T12:13:24Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for dnsmasq
The DNS server dnsmasq was updated to fix one security issue.
The following vulnerability was fixed:
* CVE-2015-3294: A remote unauthenticated attacker could have caused a denial of service (DoS) or read heap memory, potentially disclosing information such as performed DNS queries or encryption keys. (bsc#928867)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html
E-Mail link for openSUSE-SU-2015:0857-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
dnsmasq-2.65-7.3.1
dnsmasq-utils-2.65-7.3.1
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
CVE-2015-3294
moderate
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html
https://www.suse.com/security/cve/CVE-2015-3294.html
CVE-2015-3294
https://bugzilla.suse.com/923144
SUSE Bug 923144
https://bugzilla.suse.com/928867
SUSE Bug 928867