An update for dnsmasq is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1821
Final
1.0
1.0
2022-08-12
Initial
2022-08-12
2022-08-12
openEuler SA Tool V1.0
2022-08-12
dnsmasq security update
An update for dnsmasq is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3.
Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.
Security Fix(es):
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.(CVE-2020-14312)
An update for dnsmasq is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
dnsmasq
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1821
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-14312
https://nvd.nist.gov/vuln/detail/CVE-2020-14312
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
dnsmasq-help-2.82-10.oe1.aarch64.rpm
dnsmasq-2.82-10.oe1.aarch64.rpm
dnsmasq-debuginfo-2.82-10.oe1.aarch64.rpm
dnsmasq-debugsource-2.82-10.oe1.aarch64.rpm
dnsmasq-debugsource-2.82-11.oe1.aarch64.rpm
dnsmasq-2.82-11.oe1.aarch64.rpm
dnsmasq-help-2.82-11.oe1.aarch64.rpm
dnsmasq-debuginfo-2.82-11.oe1.aarch64.rpm
dnsmasq-2.82-10.oe1.src.rpm
dnsmasq-2.82-11.oe1.src.rpm
dnsmasq-debugsource-2.82-10.oe1.x86_64.rpm
dnsmasq-help-2.82-10.oe1.x86_64.rpm
dnsmasq-debuginfo-2.82-10.oe1.x86_64.rpm
dnsmasq-2.82-10.oe1.x86_64.rpm
dnsmasq-debugsource-2.82-11.oe1.x86_64.rpm
dnsmasq-2.82-11.oe1.x86_64.rpm
dnsmasq-debuginfo-2.82-11.oe1.x86_64.rpm
dnsmasq-help-2.82-11.oe1.x86_64.rpm
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.
2022-08-12
CVE-2020-14312
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
dnsmasq security update
2022-08-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1821