oss-sec mailing list archives
dnsmasq: CVE-2017-14491 to CVE-2017-14496 and CVE-2017-13704
From: Simon Kelley <simon () thekelleys org uk>
Date: Mon, 2 Oct 2017 16:47:18 +0100
A set of serious security vulnerabilities for dnsmasq have been released today. These include remote DoS and possibly code execution, and at least some apply to essentially every non-ancient dnsmasq release. Most of these were found by Google and their writeup is here. https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html The fixes are contained in the dnsmasq 2-78 release, announced here: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q4/011771.html and are in the dnsmasq git repo, here: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary Cheers, Simon.
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- dnsmasq: CVE-2017-14491 to CVE-2017-14496 and CVE-2017-13704 Simon Kelley (Oct 02)