Several security issues were fixed in SmartDNS.
Software Description:
- smartdns: local DNS server to obtain the fastest IP for the best experience
Details:
It was discovered that SmartDNS did not correctly align certain objects in
memory, leading to undefined behaviour. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2024-24198, CVE-2024-24199)
It was discovered that SmartDNS did not correctly handle certain inputs,
which could lead to an integer overflow. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-42643)
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 smartdns 46+dfsg-1ubuntu0.1 Ubuntu 24.04 LTS smartdns 45+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS smartdns 35+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7370-1
CVE-2024-24198, CVE-2024-24199, CVE-2024-42643
Get the latest Linux and open source security news straight to your inbox.