Dnsmasq: Denial of Service — GLSA 201512-01

A vulnerability in Dnsmasq can lead to a Denial of Service condition.

Affected Packages

net-dns/dnsmasq on all architectures
Affected versions < 2.72-r2
Unaffected versions >= 2.72-r2

Background

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server.

Description

An out-of-bounds read vulnerability has been found in the tcp_request function in Dnsmasq.

Impact

A remote attacker could send a specially crafted DNS request, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Dnsmasq users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.72-r2"
 

References

Release Date
December 17, 2015

Latest Revision
December 17, 2015: 1

Severity
normal

Exploitable
remote

Bugzilla entries