[Dnsmasq-discuss] Announce: dnsmasq-2.50

Mon Aug 31 18:01:14 BST 2009

This is a security update to 2.49 only.

The CHANGELOG:

version 2.50
            Fix security problem which allowed any host permitted to
            do TFTP to possibly compromise dnsmasq by remote buffer
            overflow when TFTP enabled. Thanks to Core Security
            Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
            Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
            Pablo Annetta. This problem has Bugtraq id: 36121
            and CVE: 2009-2957

            Fix a problem which allowed a malicious TFTP client to
            crash dnsmasq. Thanks to Steve Grubb at Red Hat for
            spotting this. This problem has Bugtraq id: 36120 and
            CVE: 2009-2958

Cheers,

Simon.