Ubuntu 12.04 ESM: USN-3430-2 Moderate: Dnsmasq DoS Threat
Oct 03, 2017
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Several security issues were fixed in Dnsmasq.
=========================================================================Ubuntu Security Notice USN-3430-2 October 03, 2017 dnsmasq vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Dnsmasq. Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14492) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14493) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. (CVE-2017-14494) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: dnsmasq 2.59-4ubuntu0.3 dnsmasq-base 2.59-4ubuntu0.3 dnsmasq-utils 2.59-4ubuntu0.3 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3430-2 https://ubuntu.com/security/notices/USN-3430-1 CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
PREVIOUS
NEXT
Ubuntu 12.04 ESM: USN-3430-2 Moderate: Dnsmasq DoS Threat
ubuntu
October 3, 2017
Several security issues were fixed in Dnsmasq.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: dnsmasq 2.59-4ubuntu0.3 dnsmasq-base 2.59-4ubuntu0.3 dnsmasq-utils 2.59-4ubuntu0.3 After a standard system update you need to reboot your computer to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-3430-2
https://ubuntu.com/security/notices/USN-3430-1
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,
CVE-2017-14495, CVE-2017-14496
Severity
important
Lowest
Low
Medium
High
Critical
October 03, 2017
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!