Security update for dnsmasq
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:2633-1
Final
1
1
2017-10-02T19:31:12Z
current
2017-10-02T19:31:12Z
2017-10-02T19:31:12Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for dnsmasq
This update for dnsmasq fixes the following security issues:
- CVE-2017-14491: 2-byte heap-based overflow. [bsc#1060354]
- CVE-2017-14492: heap-based overflow. [bsc#1060355]
- CVE-2017-14493: stack-based overflow. [bsc#1060360]
- CVE-2017-14494: DHCP - info leak. [bsc#1060361]
- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
- CVE-2017-14496: DNS - DoS integer underflow. [bsc#1060364]
This update was imported from the SUSE:SLE-12-SP1:Update update project.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
E-Mail link for openSUSE-SU-2017:2633-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.2
openSUSE Leap 42.3
dnsmasq-2.78-13.1
dnsmasq-utils-2.78-13.1
dnsmasq-2.78-13.1 as a component of openSUSE Leap 42.2
dnsmasq-utils-2.78-13.1 as a component of openSUSE Leap 42.2
dnsmasq-2.78-13.1 as a component of openSUSE Leap 42.3
dnsmasq-utils-2.78-13.1 as a component of openSUSE Leap 42.3
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-14491
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
moderate
6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Please install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
https://www.suse.com/security/cve/CVE-2017-14491.html
CVE-2017-14491
https://bugzilla.suse.com/1060354
SUSE Bug 1060354
https://bugzilla.suse.com/1060360
SUSE Bug 1060360
https://bugzilla.suse.com/1060361
SUSE Bug 1060361
https://bugzilla.suse.com/1060362
SUSE Bug 1060362
https://bugzilla.suse.com/1060364
SUSE Bug 1060364
https://bugzilla.suse.com/1063832
SUSE Bug 1063832
https://bugzilla.suse.com/1143944
SUSE Bug 1143944
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
CVE-2017-14492
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
moderate
4.8
AV:A/AC:L/Au:N/C:N/I:P/A:P
Please install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
https://www.suse.com/security/cve/CVE-2017-14492.html
CVE-2017-14492
https://bugzilla.suse.com/1060355
SUSE Bug 1060355
https://bugzilla.suse.com/1060360
SUSE Bug 1060360
https://bugzilla.suse.com/1060361
SUSE Bug 1060361
https://bugzilla.suse.com/1060362
SUSE Bug 1060362
https://bugzilla.suse.com/1060364
SUSE Bug 1060364
https://bugzilla.suse.com/1063832
SUSE Bug 1063832
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
CVE-2017-14493
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
moderate
4.8
AV:A/AC:L/Au:N/C:N/I:P/A:P
Please install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
https://www.suse.com/security/cve/CVE-2017-14493.html
CVE-2017-14493
https://bugzilla.suse.com/1060360
SUSE Bug 1060360
https://bugzilla.suse.com/1060361
SUSE Bug 1060361
https://bugzilla.suse.com/1060362
SUSE Bug 1060362
https://bugzilla.suse.com/1060364
SUSE Bug 1060364
https://bugzilla.suse.com/1063832
SUSE Bug 1063832
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVE-2017-14494
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
moderate
3.3
AV:A/AC:L/Au:N/C:P/I:N/A:N
Please install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
https://www.suse.com/security/cve/CVE-2017-14494.html
CVE-2017-14494
https://bugzilla.suse.com/1060360
SUSE Bug 1060360
https://bugzilla.suse.com/1060361
SUSE Bug 1060361
https://bugzilla.suse.com/1060362
SUSE Bug 1060362
https://bugzilla.suse.com/1060364
SUSE Bug 1060364
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
CVE-2017-14495
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
important
7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Please install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
https://www.suse.com/security/cve/CVE-2017-14495.html
CVE-2017-14495
https://bugzilla.suse.com/1060360
SUSE Bug 1060360
https://bugzilla.suse.com/1060361
SUSE Bug 1060361
https://bugzilla.suse.com/1060362
SUSE Bug 1060362
https://bugzilla.suse.com/1060364
SUSE Bug 1060364
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
CVE-2017-14496
openSUSE Leap 42.2:dnsmasq-2.78-13.1
openSUSE Leap 42.2:dnsmasq-utils-2.78-13.1
openSUSE Leap 42.3:dnsmasq-2.78-13.1
openSUSE Leap 42.3:dnsmasq-utils-2.78-13.1
important
Please install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
https://www.suse.com/security/cve/CVE-2017-14496.html
CVE-2017-14496
https://bugzilla.suse.com/1060360
SUSE Bug 1060360
https://bugzilla.suse.com/1060361
SUSE Bug 1060361
https://bugzilla.suse.com/1060362
SUSE Bug 1060362
https://bugzilla.suse.com/1060364
SUSE Bug 1060364