Mandriva Linux Security Advisory 2013-072 - When dnsmasq before 2.63 is used in conjunctions with certain configurations of libvirtd, network packets from prohibited networks may be sent to the dnsmasq application and processed. This can result in DNS amplification attacks for example. This update adds a new option --bind-dynamic which is immune to this problem. This update completes the fix for provided with dnsmasq-2.63. It was found that after the upstream patch for - replied to remote TCP-protocol based DNS queries (UDP protocol ones were corrected, but TCP ones not) from prohibited networks, when the --bind-dynamic option was used, - when --except-interface lo option was used dnsmasq didn't answer local or remote UDP DNS queries, but still allowed TCP protocol based DNS queries, - when --except-interface lo option was not used local / remote TCP DNS queries were also still answered by dnsmasq. This update fix these three cases.
1cd386bf36da7fa53caf08c4160adba6ddda2710da43dfc47169182527b1d65f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed