--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-84440e87ba
2021-01-21 01:44:43.057749
--------------------------------------------------------------------------------
Name : dnsmasq
Product : Fedora 33
Version : 2.83
Release : 1.fc33
URL :
http://www.thekelleys.org.uk/dnsmasq/
Summary : A lightweight DHCP/caching DNS server
Description :
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.
It is designed to provide DNS and, optionally, DHCP, to a small network.
It can serve the names of local machines which are not in the global
DNS. The DHCP server integrates with the DNS server and allows machines
with DHCP-allocated addresses to appear in the DNS with names configured
either in each host or in a central configuration file. Dnsmasq supports
static and dynamic DHCP leases and BOOTP for network booting of diskless
machines.
--------------------------------------------------------------------------------
Update Information:
[
Dnspooq](https://www.jsof-tech.com/disclosures/dnspooq/) security fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 19 2021 Petr Men����k <pemensik(a)redhat.com> - 2.83-1
- Update to 2.83, fix CVE-2020-25681-7
* Fri Oct 9 2020 Petr Men����k <pemensik(a)redhat.com> - 2.82-4
- Remove uninitialized condition from downstream patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1917781 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset()
when DNSSEC is enabled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1917781
[ 2 ] Bug #1917782 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to
missing length check when DNSSEC is enabled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1917782
[ 3 ] Bug #1917783 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large
memcpy in get_rdata() when DNSSEC is enabled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1917783
[ 4 ] Bug #1917784 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query()
makes forging replies easier for an off-path attacker [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1917784
[ 5 ] Bug #1917785 - CVE-2020-25685 dnsmasq: loose query name check in reply_query()
makes forging replies easier for an off-path attacker [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1917785
[ 6 ] Bug #1917787 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same
name makes forging replies easier for an off-path attacker [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1917787
[ 7 ] Bug #1917796 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large
memcpy in sort_rrset() when DNSSEC is enabled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1917796
[ 8 ] Bug #1917801 - dnsmasq-2.83 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1917801
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-84440e87ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------