SUSE-SU-2019:3188-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-20193188-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:3188-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:3188-1
Related
Published
2019-12-05T10:45:00Z
Modified
2019-12-05T10:45:00Z
Summary
Security update for dnsmasq
Details

This update for dnsmasq fixes the following issues:

Security issues fixed:

  • CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849)
  • CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958).

Other issues addressed:
- Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). - Removed cache size limit (bsc#1138743). - Included config files from /etc/dnsmasq.d/*.conf (bsc#1152539).

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / dnsmasq

Package

Name
dnsmasq
Purl
purl:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.78-3.8.1

Ecosystem specific

{
    "binaries": [
        {
            "dnsmasq": "2.78-3.8.1"
        }
    ]
}