[Dnsmasq-discuss] Announce: dnsmasq-2.50
Simon Kelley
simon at thekelleys.org.uk
Mon Aug 31 18:01:14 BST 2009
This is a security update to 2.49 only.
The CHANGELOG:
version 2.50
Fix security problem which allowed any host permitted to
do TFTP to possibly compromise dnsmasq by remote buffer
overflow when TFTP enabled. Thanks to Core Security
Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
Pablo Annetta. This problem has Bugtraq id: 36121
and CVE: 2009-2957
Fix a problem which allowed a malicious TFTP client to
crash dnsmasq. Thanks to Steve Grubb at Red Hat for
spotting this. This problem has Bugtraq id: 36120 and
CVE: 2009-2958
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list