Security update for dnsmasq
Announcement ID: | SUSE-SU-2017:2619-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves eight vulnerabilities can now be installed.
Description:
This update for dnsmasq fixes the following security issues:
- CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
- CVE-2017-14492: heap based overflow. [bsc#1060355]
- CVE-2017-14493: stack based overflow. [bsc#1060360]
- CVE-2017-14494: DHCP - info leak. [bsc#1060361]
- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
- CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]
This update brings a (small) potential incompatibility in the handling of "basename" in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-dnsmasq-13294=1
-
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-dnsmasq-13294=1
Package List:
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
- dnsmasq-2.78-0.17.5.1
-
SLES for SAP Applications 11-SP4 (ppc64 x86_64)
- dnsmasq-2.78-0.17.5.1
References:
- https://www.suse.com/security/cve/CVE-2015-3294.html
- https://www.suse.com/security/cve/CVE-2015-8899.html
- https://www.suse.com/security/cve/CVE-2017-14491.html
- https://www.suse.com/security/cve/CVE-2017-14492.html
- https://www.suse.com/security/cve/CVE-2017-14493.html
- https://www.suse.com/security/cve/CVE-2017-14494.html
- https://www.suse.com/security/cve/CVE-2017-14495.html
- https://www.suse.com/security/cve/CVE-2017-14496.html
- https://bugzilla.suse.com/show_bug.cgi?id=1060354
- https://bugzilla.suse.com/show_bug.cgi?id=1060355
- https://bugzilla.suse.com/show_bug.cgi?id=1060360
- https://bugzilla.suse.com/show_bug.cgi?id=1060361
- https://bugzilla.suse.com/show_bug.cgi?id=1060362
- https://bugzilla.suse.com/show_bug.cgi?id=1060364