
Security vulnerabilities in the dnsmasq software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2017-10-06 13:44:21.530944

Name : dnsmasq
Product : Fedora 26
Version : 2.76
Release : 5.fc26
Summary : A lightweight DHCP/caching DNS server
Description :
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.
It is designed to provide DNS and, optionally, DHCP, to a small network.
It can serve the names of local machines which are not in the global
DNS. The DHCP server integrates with the DNS server and allows machines
with DHCP-allocated addresses to appear in the DNS with names configured
either in each host or in a central configuration file. Dnsmasq supports
static and dynamic DHCP leases and BOOTP for network booting of diskless

Update Information:

CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495

[ 1 ] Bug #1495409 – CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies
[ 2 ] Bug #1495410 – CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code
[ 3 ] Bug #1495411 – CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code
[ 4 ] Bug #1495412 – CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code
[ 5 ] Bug #1495415 – CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code
[ 6 ] Bug #1495416 – CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade dnsmasq' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Danijel Kozinovic
Cert ID: NCERT-REF-2017-10-0037-ADV