Overview

File _patchinfo of Package patchinfo.5747

<patchinfo incident="5747">
  <issue id="1035227" tracker="bnc">FATE#321175: [ECO] update to dnsmasq-2.75+</issue>
  <issue id="904537" tracker="bnc">dnsmasq logging broken by "PrivateDevices=yes"</issue>
  <issue id="1060361" tracker="bnc">CVE-2017-14494: dnsmasq: DHCP - info leak</issue>
  <issue id="1060360" tracker="bnc">CVE-2017-14493: dnsmasq: stack based overflow</issue>
  <issue id="1060362" tracker="bnc">CVE-2017-14495: dnsmasq: DNS - OOM DoS</issue>
  <issue id="1060364" tracker="bnc">CVE-2017-14496: dnsmasq: DNS - DoS Integer underflow</issue>
  <issue id="972164" tracker="bnc">Why DNSSEC does not block a fake answer ?</issue>
  <issue id="1060354" tracker="bnc">CVE-2017-14491: dnsmasq: DNS - 2 byte heap based overflow</issue>
  <issue id="908137" tracker="bnc">dnsmasq v2.71 and DNSSEC-capable validator</issue>
  <issue id="1060355" tracker="bnc">CVE-2017-14492: dnsmasq: heap based overflow</issue>
  <issue id="902511" tracker="bnc">dnsmasq does not log</issue>
  <issue id="2017-14495" tracker="cve" />
  <issue id="2017-14494" tracker="cve" />
  <issue id="2017-14496" tracker="cve" />
  <issue id="2017-14491" tracker="cve" />
  <issue id="2017-14493" tracker="cve" />
  <issue id="2017-14492" tracker="cve" />
  <issue id="2015-3294" tracker="cve" />
  <issue id="2015-8899" tracker="cve" />
  <issue id="321175" tracker="fate" />
  <issue id="322030" tracker="fate" />
  <issue id="318323" tracker="fate" />
  <category>security</category>
  <rating>important</rating>
  <packager>rmax</packager>
  <description>This update for dnsmasq fixes the following issues.

Remedy the following security issues:

- CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
- CVE-2017-14492: heap based overflow. [bsc#1060355]
- CVE-2017-14493: stack based overflow. [bsc#1060360]
- CVE-2017-14494: DHCP - info leak. [bsc#1060361]
- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
- CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]
- Prevent a man-in-the-middle attack (bsc#972164, fate#321175).

Furthermore, the following issues have been fixed:

- Fix DHCP relaying, broken in 2.76 and 2.77.
- Update to version 2.78 (fate#321175, fate#322030, bsc#1035227).
- Fix PXE booting for UEFI architectures (fate#322030).
- Drop PrivateDevices=yes which breaks logging (bsc#902511, bsc#904537)
- Build with support for DNSSEC (fate#318323, bsc#908137).

Please note that this update brings a (small) potential incompatibility in the
handling of "basename" in --pxe-service. Please read the CHANGELOG and the
documentation if you are using this option.

</description>
  <summary>Security update for dnsmasq</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places