-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-84440e87ba 2021-01-21 01:44:43.057749 --------------------------------------------------------------------------------
Name : dnsmasq Product : Fedora 33 Version : 2.83 Release : 1.fc33 URL : http://www.thekelleys.org.uk/dnsmasq/ Summary : A lightweight DHCP/caching DNS server Description : Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.
-------------------------------------------------------------------------------- Update Information:
[Dnspooq](https://www.jsof-tech.com/disclosures/dnspooq/) security fixes. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 19 2021 Petr Men����k pemensik@redhat.com - 2.83-1 - Update to 2.83, fix CVE-2020-25681-7 * Fri Oct 9 2020 Petr Men����k pemensik@redhat.com - 2.82-4 - Remove uninitialized condition from downstream patch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1917781 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1917781 [ 2 ] Bug #1917782 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1917782 [ 3 ] Bug #1917783 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1917783 [ 4 ] Bug #1917784 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1917784 [ 5 ] Bug #1917785 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1917785 [ 6 ] Bug #1917787 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1917787 [ 7 ] Bug #1917796 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1917796 [ 8 ] Bug #1917801 - dnsmasq-2.83 is available https://bugzilla.redhat.com/show_bug.cgi?id=1917801 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-84440e87ba' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org