what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-4698-2

Ubuntu Security Notice USN-4698-2
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4698-2 - USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-14834, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
SHA-256 | e42a5bdd054f191f80e2ffa56b1efcc9969c7a22e49b0f34c75af8093966adec

Ubuntu Security Notice USN-4698-2

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-4698-2
February 24, 2021

dnsmasq regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-4698-1 introduced regressions in Dnsmasq.

Software Description:
- dnsmasq: Small caching DNS proxy and DHCP/TFTP server

Details:

USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced
regressions in certain environments related to issues with multiple
queries, and issues with retries. This update fixes the problem.

Original advisory details:

Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
memory when sorting RRsets. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
extracting certain names. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented address/port checks. A remote attacker could use this issue to
perform a cache poisoning attack. (CVE-2020-25684)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented query resource name checks. A remote attacker could use this
issue to perform a cache poisoning attack. (CVE-2020-25685)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
multiple query requests for the same resource name. A remote attacker could
use this issue to perform a cache poisoning attack. (CVE-2020-25686)
It was discovered that Dnsmasq incorrectly handled memory during DHCP
response creation. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS. (CVE-2019-14834)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
dnsmasq 2.82-1ubuntu1.2
dnsmasq-base 2.82-1ubuntu1.2
dnsmasq-utils 2.82-1ubuntu1.2

Ubuntu 20.04 LTS:
dnsmasq 2.80-1.1ubuntu1.3
dnsmasq-base 2.80-1.1ubuntu1.3
dnsmasq-utils 2.80-1.1ubuntu1.3

Ubuntu 18.04 LTS:
dnsmasq 2.79-1ubuntu0.3
dnsmasq-base 2.79-1ubuntu0.3
dnsmasq-utils 2.79-1ubuntu0.3

Ubuntu 16.04 LTS:
dnsmasq 2.75-1ubuntu0.16.04.8
dnsmasq-base 2.75-1ubuntu0.16.04.8
dnsmasq-utils 2.75-1ubuntu0.16.04.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4698-2
https://usn.ubuntu.com/4698-1
https://launchpad.net/bugs/1916462

Package Information:
https://launchpad.net/ubuntu/+source/dnsmasq/2.82-1ubuntu1.2
https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.8
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close