This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2208269033252801117== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="URNnJ2bV6cIPbOAGjTxKtsJnVQ95Vh3fa"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --URNnJ2bV6cIPbOAGjTxKtsJnVQ95Vh3fa Content-Type: multipart/mixed; boundary="oMdcovArStMhrrdPsc2tfEKngbnAc1OfB"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <88167c30-5589-6599-7649-cf63923d4840@canonical.com> Subject: [USN-3430-1] Dnsmasq vulnerabilities
--oMdcovArStMhrrdPsc2tfEKngbnAc1OfB Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3430-1 October 02, 2017
dnsmasq vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: dnsmasq 2.76-5ubuntu0.1 dnsmasq-base 2.76-5ubuntu0.1 dnsmasq-utils 2.76-5ubuntu0.1
Ubuntu 16.04 LTS: dnsmasq 2.75-1ubuntu0.16.04.3 dnsmasq-base 2.75-1ubuntu0.16.04.3 dnsmasq-utils 2.75-1ubuntu0.16.04.3
Ubuntu 14.04 LTS: dnsmasq 2.68-1ubuntu0.2 dnsmasq-base 2.68-1ubuntu0.2 dnsmasq-utils 2.68-1ubuntu0.2
After a standard system update you need to reboot your computer to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3430-1 CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
Package Information: https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1 https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3 https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2
--oMdcovArStMhrrdPsc2tfEKngbnAc1OfB--
--URNnJ2bV6cIPbOAGjTxKtsJnVQ95Vh3fa Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZ0lcBAAoJEGVp2FWnRL6TJnsP/Rp1kq/hjKtoCshWgqx9WMyR F7bt5lVZTZzVlLrQqAs3N19MpwMrP2Ro7gsS2wIIOv1FSKze3kvD9MwsSmWAa3iY 6q0MPCSfPE+pJ78aio3EcZlfk6JpXfmGotBfzTWoUhYbv29uywmJypFhmHeITrWZ +Nj5xOvX4U8V7f8W4R4+//SHSf6ftuL2AWb0s7bFZketA27ftCmav+akXGz0yNQf nXCpOwRWqAr5JTDOhfwRazoJKRSBbnEyIVsSLfkqZUhJ45CwgJrOXep/ZfAf33vK CGtNk9H0NFLiD2k4IMyva2gFmau+cmq/4C9O5wtwpAkIftsX0TYW/OAP7Gw1BsFv O9S99vetsTQROZJL90hewmu0z+U6fXnFRH8QgTsf8ovht5YXN+OUQWUb0+iyCTni Yp5WsiClEJu/mbWvyNL+WFAAUQd+XUZzEpPwIA8EH72ZUNcYp/oCbGVYImhm3rmN gXWyxOIP7rocj3XskhTmGCyfEUDgqHos3Mjvgb2Dm2gr9CQfVEM+vhDRKMnQAX4d kcxpbWY3lETvgCvjY3mitOmVuZZk6cHK242YN0j9FD73NFUoQMk5Sqbyd7R/Gfgu 5fwiPch2fpdo8Z0rvSojy8bUmzHjd3/ZNjZ/0EXJx4rgkwxmWCqmJhHYAFQ8TJr8 8JVIlwWQjQ1TvFmkpy98 =XkG1 -----END PGP SIGNATURE-----
--URNnJ2bV6cIPbOAGjTxKtsJnVQ95Vh3fa--
--===============2208269033252801117== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============2208269033252801117==--
|