
Mageia: 2020-0310 Critical: dnsmasq Open Resolver Vulnerability

July 31, 2020
Recent updates to dnsmasq packages rectify a critical security issue that exposed the system as an open resolver. Announcement date: 31 Jul 2020.
The updated dnsmasq package fixes an insecure default configuration that could make it an open resolver (CVE-2020-14312).

Summary

In its default configuration, dnsmasq listens for and answers queries from any address, even one outside the local subnet. It may therefore inadvertently become an open resolver, which might be used in Distributed Denial of Service attacks.
This update adds the option --local-service at startup, which limits dnsmasq to listening only to machines on the same local network.
This option only works if none of the following options appear on the command line or in dnsmasq.conf (where they are written without the double dash): --interface, --except-interface, --listen-address, --auth-server.
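
The check below is an added example, not part of the Mageia advisory or the dnsmasq package: it reports whether --local-service can take effect for a given config file and command line. The function names and the sample config are constructed for illustration; it looks only for the four long option names listed above and does not follow conf-file or conf-dir includes.

```shell
# Added example (not from the advisory): does --local-service take effect?
# The four options the advisory says stop --local-service from working.
BLOCKERS='interface except-interface listen-address auth-server'

# Print each blocking option set in a dnsmasq.conf-style file ($1).
# Config files use the long name without "--"; "#" lines are comments.
blockers_in_conf() {
    [ -r "$1" ] || return 0
    for opt in $BLOCKERS; do
        if grep -Eq "^[[:space:]]*${opt}[[:space:]]*(=|\$)" "$1"; then
            echo "$opt"
        fi
    done
}

# Print each blocking option present among the command-line arguments.
blockers_in_args() {
    for arg in "$@"; do
        for opt in $BLOCKERS; do
            case $arg in
                "--$opt"|"--$opt="*) echo "$opt" ;;
            esac
        done
    done
}

# local_service_effective CONF [ARGS...]
# Returns 0 only if --local-service is requested and nothing overrides it.
local_service_effective() {
    conf=$1; shift
    requested=no
    for arg in "$@"; do
        if [ "$arg" = "--local-service" ]; then requested=yes; fi
    done
    found=$( { blockers_in_conf "$conf"; blockers_in_args "$@"; } | sort -u | tr '\n' ' ')
    if [ "$requested" = no ]; then
        echo "--local-service is not on the command line"; return 1
    fi
    if [ -n "$found" ]; then
        echo "--local-service is ignored because of: $found"; return 1
    fi
    echo "--local-service is in effect"
}

# Constructed sample: a commented-out option is fine, an active one is not.
sample=$(mktemp)
printf '%s\n' '# interface=lo' 'listen-address=192.0.2.53' > "$sample"
local_service_effective "$sample" --local-service || true
rm -f "$sample"
```

When the check reports a blocking option, the restriction to the local network has to come from that option's own value (or from a firewall rule), since --local-service is not applied.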

References

- https://bugs.mageia.org/show_bug.cgi?id=26964

- https://bugzilla.redhat.com/show_bug.cgi?id=1851342

- https://bugzilla.redhat.com/show_bug.cgi?id=1852373

- https://www.cve.org/CVERecord?id=CVE-2020-14312

Resolution

SRPMS

- 7/core/dnsmasq-2.80-5.3.mga7

Severity
critical

Publication date: 31 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0310.html
Type: security
CVE: CVE-2020-14312
