Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

SUSE: 2021:0162-1 Important: dnsmasq Fixing Multiple Issues

suse
Calendar Grey January 19, 2021
Dist Suse Esm H88
A critical SUSE security enhancement resolves dnsmasq flaws. Discover the specifics and how to apply the fixes.
An update that fixes 7 vulnerabilities is now available

Summary

This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-162=1 - SUSE Linux Enterprise Server 15-LTSS:

References

#1176076 #1177077

Cross- CVE-2020-25681 CVE-2020-25682 CVE-2020-25683

CVE-2020-25684 CVE-2020-25685 CVE-2020-25686

CVE-2020-25687

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2020-25681.html

https://www.suse.com/security/cve/CVE-2020-25682.html

https://www.suse.com/security/cve/CVE-2020-25683.html

https://www.suse.com/security/cve/CVE-2020-25684.html

https://www.suse.com/security/cve/CVE-2020-25685.html

https://www.suse.com/security/cve/CVE-2020-25686.html

https://www.suse.com/security/cve/CVE-2020-25687.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0162-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.