Fedora 9: 2009-1070 Important Patch for Dnsmasq Security Vulnerability

Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.

It is designed to provide DNS and, optionally, DHCP, to a small network.

It can serve the names of local machines which are not in the global

DNS. The DHCP server integrates with the DNS server and allows machines

with DHCP-allocated addresses to appear in the DNS with names configured

either in each host or in a central configuration file. Dnsmasq supports

static and dynamic DHCP leases and BOOTP for network booting of diskless

machines.

Update to newer upstream version - 2.45. Version of dnsmasq previously

shipped in Fedora 9 did not properly drop privileges, causing it to run as root

instead of intended user nobody. Issue was caused by a bug in kernel-headers

used in build environment of the original packages. (#454415) New upstream

version also adds DNS query source port randomization, mitigating DNS spoofing

attacks. (CVE-2008-1447)

* Mon Jul 21 2008 Patrick "Jima" Laughton 2.45-1

- Upstream release (bugfixes)

* Wed Jul 16 2008 Patrick "Jima" Laughton 2.43-2

- New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113

- Dropped patch for newer glibc (merged upstream)

[ 1 ] Bug #449345 - CVE-2008-1447 implement source UDP port randomization (CERT VU#800113)

https://bugzilla.redhat.com/show_bug.cgi?id=449345

su -c 'yum update dnsmasq' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/