[Dnsmasq-discuss] Announce: dnsmasq-2.78.

Simon Kelley simon at thekelleys.org.uk
Mon Oct 2 14:50:36 BST 2017


I've just released a new stable version of dnsmasq 2.78

Download is available at

http://thekelleys.org.uk/dnsmasq/dnsmasq-2.78.tar.gz


This is a bugfix release, and, amongst other things, addresses a set of
serious security vulnerabilities. Update should be mandatory.

CHANGELOG is attached below.

version 2.78
        Fix logic of appending ".<layer>" to PXE basename. Thanks to 	
	Chris Novakovic for the patch.

        Revert ping-check of address in DHCPDISCOVER if there
        already exists a lease for the address. Under some
        circumstances, and netbooted windows installation can reply
        to pings before if has a DHCP lease and block allocation
        of the address it already used during netboot. Thanks to
        Jan Psota for spotting this.

        Fix DHCP relaying, broken in 2.76 and 2.77 by commit
        ff325644c7afae2588583f935f4ea9b9694eb52e. Thanks to
        John Fitzgibbon for the diagnosis and patch.

        Try other servers if first returns REFUSED when
        --strict-order active. Thanks to Hans Dedecker
        for the patch

        Fix regression in 2.77, ironically added as a security
        improvement, which resulted in a crash when a DNS
        query exceeded 512 bytes (or the EDNS0 packet size,
        if different.) Thanks to Christian Kujau, Arne Woerner
        Juan Manuel Fernandez and Kevin Darbyshire-Bryant for
        chasing this one down.  CVE-2017-13704 applies.

        Fix heap overflow in DNS code. This is a potentially serious
        security hole. It allows an attacker who can make DNS
        requests to dnsmasq, and who controls the contents of
        a domain, which is thereby queried, to overflow
        (by 2 bytes) a heap buffer and either crash, or
        even take control of, dnsmasq.
        CVE-2017-14491 applies.
        Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
        Kevin Hamacher and Ron Bowes of the Google Security Team for
        finding this.
        Fix heap overflow in IPv6 router advertisement code.
        This is a potentially serious security hole, as a
        crafted RA request can overflow a buffer and crash or
        control dnsmasq. Attacker must be on the local network.
        CVE-2017-14492 applies.
        Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
        and Kevin Hamacher of the Google Security Team for
        finding this.

        Fix stack overflow in DHCPv6 code. An attacker who can send
        a DHCPv6 request to dnsmasq can overflow the stack frame and
        crash or control dnsmasq.
        CVE-2017-14493 applies.
        Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
        Kevin Hamacher and Ron Bowes of the Google Security Team for
        finding this.

        Fix information leak in DHCPv6. A crafted DHCPv6 packet can
        cause dnsmasq to forward memory from outside the packet
        buffer to a DHCPv6 server when acting as a relay.
        CVE-2017-14494 applies.
        Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
        Kevin Hamacher and Ron Bowes of the Google Security Team for
        finding this.

        Fix DoS in DNS. Invalid boundary checks in the
        add_pseudoheader function allows a memcpy call with negative
        size An attacker which can send malicious DNS queries
        to dnsmasq can trigger a DoS remotely.
        dnsmasq is vulnerable only if one of the following option is
        specified: --add-mac, --add-cpe-id or --add-subnet.
        CVE-2017-14496 applies.
        Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
        Kevin Hamacher and Ron Bowes of the Google Security Team for
        finding this.

        Fix out-of-memory Dos vulnerability. An attacker which can
        send malicious DNS queries to dnsmasq can trigger memory
        allocations in the add_pseudoheader function
        The allocated memory is never freed which leads to a DoS
        through memory exhaustion. dnsmasq is vulnerable only
        if one of the following option is specified:
        --add-mac, --add-cpe-id or --add-subnet.
        CVE-2017-14495 applies.
        Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
        Kevin Hamacher and Ron Bowes of the Google Security Team for
        finding this.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20171002/247443fe/attachment.sig>


More information about the Dnsmasq-discuss mailing list