A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.
{ "binaries": [ { "binary_name": "dnsmasq", "binary_version": "2.75-1ubuntu0.16.04.10" }, { "binary_name": "dnsmasq-base", "binary_version": "2.75-1ubuntu0.16.04.10" }, { "binary_name": "dnsmasq-utils", "binary_version": "2.75-1ubuntu0.16.04.10" } ], "ubuntu_priority": "low", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "dnsmasq", "binary_version": "2.79-1" }, { "binary_name": "dnsmasq-base", "binary_version": "2.79-1" }, { "binary_name": "dnsmasq-base-lua", "binary_version": "2.79-1" }, { "binary_name": "dnsmasq-utils", "binary_version": "2.79-1" } ], "ubuntu_priority": "low", "availability": "No subscription required" }