dnsmasq 2.76 security update

Support for security such as Firewalls and securing linux
mirek_adept
Posts: 2
Joined: 2018/04/23 20:06:41
Location: Poland

dnsmasq 2.76 security update

Post by mirek_adept » 2018/04/23 21:30:08

My CentOS version is 7.4.1708 (according to /etc/centos-release).

yum info dnsmasq shows:
...
Version : 2.76
Release : 2.el7_4.2
Repo : installed
From repo : updates
...

yum update dnsmasq ends with the message: No packages marked for update

Could you explain whether dnsmasq 2.76 contains security patches against the known vulnerabilities (published October 2, 2017)?

Additional information:

From https://www.us-cert.gov/ncas/current-ac ... rabilities

Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review VUL Note VU#973527 for more information and update to dnsmasq version 2.78.

From https://www.rapid7.com/db/vulnerabiliti ... 2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
My English is not good, so feel free to correct my posts.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: dnsmasq 2.76 security update

Post by avij » 2018/04/23 23:23:53

The place to go is https://access.redhat.com/security/cve/cve-2017-14491 which states that the fixes for these vulnerabilities were included in https://access.redhat.com/errata/RHSA-2017:2836 which is dnsmasq-2.76-2.el7_4.2. This is the version you are running so you are safe.

Note that Red Hat / CentOS backports fixes to older versions. Therefore you should not worry too much about the version number. rpm -q dnsmasq --changelog | grep -i cve is usually useful as well.
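
Added example (not part of the original post or of any Red Hat / CentOS tooling): the changelog check described above, wrapped in a shell function that takes a list of CVE ids and prints the ones the package changelog does not mention. The function name missing_cves, the sample changelog text and its packager line are constructed for illustration.

```shell
#!/bin/sh
# missing_cves: read a package changelog on stdin and print every CVE id
# given as an argument that the changelog does NOT mention.
# Exit status: 0 = all ids mentioned, 1 = at least one missing, 2 = bad id.
#
# On a real host (same command as in the post, piped into the function):
#   rpm -q dnsmasq --changelog | missing_cves CVE-2017-14491

# Constructed sample changelog (not real rpm output) for offline runs.
SAMPLE_CHANGELOG='* Thu Jan 01 1970 Example Packager <packager@example.invalid> - 0.0-1
- Security fix for CVE-2017-14491
- Unrelated bug fix'

missing_cves() {
    mc_changelog=$(cat)
    mc_rc=0
    for mc_cve in "$@"; do
        # Reject anything that is not shaped like CVE-YYYY-NNNN...
        if ! printf '%s\n' "$mc_cve" | grep -qE '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "not a CVE id: $mc_cve" >&2
            return 2
        fi
        # -F: fixed string, -i: changelogs vary in case,
        # -w: whole word, so a shorter id cannot match inside a longer one.
        if ! printf '%s\n' "$mc_changelog" | grep -qiwF -- "$mc_cve"; then
            printf '%s\n' "$mc_cve"
            mc_rc=1
        fi
    done
    return "$mc_rc"
}
```

An id that is absent from the changelog only means the packager did not name it there; the vendor's CVE page remains the authoritative statement of which package release carries the fix.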

mirek_adept
Posts: 2
Joined: 2018/04/23 20:06:41
Location: Poland

Re: dnsmasq 2.76 security update

Post by mirek_adept » 2018/04/24 11:08:17

Thank you avij.

A serious operating system requires serious learning.
My English is not good, so feel free to correct my posts.
