dnsmasq (SSA:2005-201-01)
Posted on: 07/21/2005 03:55 AM
New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 10.1 ChangeLog: +--------------------------+ patches/packages/dnsmasq-2.22-i486-1.tgz: Upgraded to dnsmasq-2.22. This fixes an off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0877 (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+