From Mageia wiki
Jump to: navigation, search

MGASA-2012-0273

Date: September 18th, 2012
Affected releases: 1, 2


Description:
Updated dnsmasq packages fix security vulnerabilities:

When dnsmasq before 2.63 is used in conjunctions with certain
configurations of libvirtd, network packets from prohibited networks
(e.g. packets that should not be passed in) may be sent to the dnsmasq
application and processed. This can result in DNS amplification attacks
for example (CVE-2012-3411).

This update adds a new option --bind-dynamic which is immune to this
problem.


Updated Packages:
Mageia 1:
dnsmasq-2.63-1.mga1
dnsmasq-base-2.63-1.mga1

Mageia 2:
dnsmasq-2.63-1.mga2
dnsmasq-base-2.63-1.mga2


References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3411
http://thekelleys.org.uk/dnsmasq/CHANGELOG
https://bugs.mageia.org/show_bug.cgi?id=7466