MGASA-2013-0030
| Date: | February 6th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated dnsmasq packages fix security vulnerabilities (CVE-2013-0198):
This update completes the fix for CVE-2012-3411 provided with dnsmasq-2.63.
It was found that after the upstream patch for CVE-2012-3411 issue was
applied, dnsmasq still:
- replied to remote TCP-protocol based DNS queries (UDP protocol ones were
corrected, but TCP ones not) from prohibited networks, when the
--bind-dynamic option was used,
- when --except-interface lo option was used dnsmasq didn't answer local or
remote UDP DNS queries, but still allowed TCP protocol based DNS queries,
- when --except-interface lo option was not used local / remote TCP DNS
queries were also still answered by dnsmasq.
This update fix these three cases.
Updated Packages:
i586:
dnsmasq-2.63-1.1.mga2.i586.rpm
dnsmasq-base-2.63-1.1.mga2.i586.rpm
dnsmasq-debug-2.63-1.1.mga2.i586.rpm
x86_64:
dnsmasq-2.63-1.1.mga2.x86_64.rpm
dnsmasq-base-2.63-1.1.mga2.x86_64.rpm
dnsmasq-debug-2.63-1.1.mga2.x86_64.rpm
SRPMS:
dnsmasq-2.63-1.1.mga2.src.rpm
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0198
https://bugzilla.redhat.com/show_bug.cgi?id=901555
https://bugzilla.redhat.com/show_bug.cgi?id=894486
https://bugs.mageia.org/show_bug.cgi?id=8795
