Debian Bug report logs -
#877102
dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS query
Package:
src:dnsmasq;
Maintainer for src:dnsmasq is Simon Kelley <simon@thekelleysorguk>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 28 Sep 2017 18:39:02 UTC
Severity: grave
Tags: fixed-upstre ...
Felix Wilhelm, Fermin J Serna, Gabriel Campana, Kevin Hamacher, Ron
Bowes and Gynvael Coldwind of the Google Security Team discovered
several vulnerabilities in dnsmasq, a small caching DNS proxy and
DHCP/TFTP server, which may result in denial of service, information
leak or the execution of arbitrary code
For the oldstable distribution (jessie) ...
Synopsis
Critical: dnsmasq security update
Type/Severity
Security Advisory: Critical
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 5 Extended Lifecycle SupportRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring S ...
Synopsis
Critical: dnsmasq security update
Type/Severity
Security Advisory: Critical
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis
Critical: dnsmasq security update
Type/Severity
Security Advisory: Critical
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 59 Long LifeRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis
Critical: dnsmasq security update
Type/Severity
Security Advisory: Critical
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 62 Advanced Update Support, Red Hat Enterprise Linux 64 Advanced Update Support, Red Hat Enterprise Linux 65 Advanced Update Support, Red Hat Ente ...
Synopsis
Critical: dnsmasq security update
Type/Severity
Security Advisory: Critical
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis
Critical: dnsmasq security update
Type/Severity
Security Advisory: Critical
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 72 Extended Update Support and Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a secur ...
Several security issues were fixed in Dnsmasq ...
USN-3430-2 introduced regression in Dnsmasq ...
Several security issues were fixed in Dnsmasq ...
Information leak in the DHCPv6 relay codeAn information leak was found in dnsmasq in the DHCPv6 relay code An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data (CVE-2017-14494)
Memory exhaustion vulnerability in the EDNS0 codeA memory ...
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet (CVE-2017 ...
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code ...