Linux Security
    Linux Security
    Linux Security

    Debian: DSA-3251-2: dnsmasq regression update

    Date
    171
    Posted By
    The update for dnsmasq issued as DSA-3251-1 introduced a regression for the armel and armhf builds causing dnsmasq failing to start under certain configurations. Updated packages are now available to address this regression. Additionally dnsmasq was patched to handle the case
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3251-2                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                      Salvatore Bonaccorso
    May 07, 2015                           https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : dnsmasq
    Debian Bug     : 784571
    
    The update for dnsmasq issued as DSA-3251-1 introduced a regression for
    the armel and armhf builds causing dnsmasq failing to start under
    certain configurations. Updated packages are now available to address
    this regression. Additionally dnsmasq was patched to handle the case
    were the libc headers defined SO_REUSEPORT, but is not supported by the
    running kernel. For reference, the original advisory text follows.
    
    Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and
    DHCP/TFTP server, did not properly check the return value of the
    setup_reply() function called during a TCP connection, which is used
    then as a size argument in a function which writes data on the client's
    connection. A remote attacker could exploit this issue via a specially
    crafted DNS request to cause dnsmasq to crash, or potentially to obtain
    sensitive information from process memory.
    
    For the oldstable distribution (wheezy), this problem has been fixed
    in version 2.62-3+deb7u3.
    
    We recommend that you upgrade your dnsmasq packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.