Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

SUSE: 2021:14604-2 Critical Dnsmasq Exploit Vulnerabilities

suse
Calendar Grey January 19, 2021
Dist Suse Esm H88
A recent security patch addresses 8 critical vulnerabilities in dnsmasq, which could lead to denial of service and cache poisoning attacks. Discover the specifics of the updates.
An update that fixes 8 vulnerabilities is now available

Summary

This update for dnsmasq fixes the following issues: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS:

References

#1154849 #1176076 #1177077

Cross- CVE-2019-14834 CVE-2020-25681 CVE-2020-25682

CVE-2020-25683 CVE-2020-25684 CVE-2020-25685

CVE-2020-25686 CVE-2020-25687

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2019-14834.html

https://www.suse.com/security/cve/CVE-2020-25681.html

https://www.suse.com/security/cve/CVE-2020-25682.html

https://www.suse.com/security/cve/CVE-2020-25683.html

https://www.suse.com/security/cve/CVE-2020-25684.html

https://www.suse.com/security/cve/CVE-2020-25685.html

https://www.suse.com/security/cve/CVE-2020-25686.html

https://www.suse.com/security/cve/CVE-2020-25687.html

https://bugzilla.suse.com/1154849

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:14603-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.