| |||||||||||||||||||
Mageia alert MGASA-2013-0030 (dnsmasq)
MGASA-2013-0030 Date: February 6th, 2013 Affected releases: 2 Media: Core Description: Updated dnsmasq packages fix security vulnerabilities (CVE-2013-0198): This update completes the fix for CVE-2012-3411 provided with dnsmasq-2.63. It was found that after the upstream patch for CVE-2012-3411 issue was applied, dnsmasq still: - replied to remote TCP-protocol based DNS queries (UDP protocol ones were corrected, but TCP ones not) from prohibited networks, when the --bind-dynamic option was used, - when --except-interface lo option was used dnsmasq didn't answer local or remote UDP DNS queries, but still allowed TCP protocol based DNS queries, - when --except-interface lo option was not used local / remote TCP DNS queries were also still answered by dnsmasq. This update fix these three cases. Updated Packages: i586: dnsmasq-2.63-1.1.mga2.i586.rpm dnsmasq-base-2.63-1.1.mga2.i586.rpm dnsmasq-debug-2.63-1.1.mga2.i586.rpm x86_64: dnsmasq-2.63-1.1.mga2.x86_64.rpm dnsmasq-base-2.63-1.1.mga2.x86_64.rpm dnsmasq-debug-2.63-1.1.mga2.x86_64.rpm SRPMS: dnsmasq-2.63-1.1.mga2.src.rpm References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0198 https://bugzilla.redhat.com/show_bug.cgi?id=901555 https://bugzilla.redhat.com/show_bug.cgi?id=894486 https://bugs.mageia.org/show_bug.cgi?id=8795 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-... (Log in to post comments)
|
|||||||||||||||||||