Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-827-1: Dnsmasq vulnerabilities
Posted by Bob on: 09/01/2009 10:55 PM [ Print | 0 comment(s) ]
A new Dnsmasq vulnerabilities update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-827-1 September 01, 2009
dnsmasq vulnerabilities
CVE-2009-2957, CVE-2009-2958
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
dnsmasq-base 2.41-2ubuntu2.2
Ubuntu 8.10:
dnsmasq-base 2.45-1ubuntu1.1
Ubuntu 9.04:
dnsmasq-base 2.47-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
IvAin Arce, Pablo HernAin Jorge, Alejandro Pablo Rodriguez, MartA=ADn Coco,
Alberto SoliAto Testa and Pablo Annetta discovered that Dnsmasq did not
properly validate its input when processing TFTP requests for files with
long names. A remote attacker could cause a denial of service or execute
arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by
default on Ubuntu. (CVE-2009-2957)
Steve Grubb discovered that Dnsmasq could be made to dereference a NULL
pointer when processing certain TFTP requests. A remote attacker could
cause a denial of service by sending a crafted TFTP request.
(CVE-2009-2958)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubu=
ntu2.2.diff.gz
Size/MD5: 22736 b0b1196898ba0a1d49dd3d767c1d685c
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubu=
ntu2.2.dsc
Size/MD5: 706 ecf4c36193d5063039a63f33712df6e2
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41.orig=
=2Etar.gz
Size/MD5: 357997 8d0acd6656299a800c4d1be5a1193e39
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.41-=
2ubuntu2.2_all.deb
Size/MD5: 11964 e5fa2630695acfe9caa62d0d30a89b01
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41=
-2ubuntu2.2_amd64.deb
Size/MD5: 210274 aab9865b6ad46104e28e5db9e98f6c74
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41=
-2ubuntu2.2_i386.deb
Size/MD5: 202712 36d3885ee58bdb59ae323c9ea9528f3c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.=
2_lpia.deb
Size/MD5: 203286 0c2f1dbfefdbc27905284d323be2023d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.=
2_powerpc.deb
Size/MD5: 210564 53e28b512b863f41a605979c2ae4d51e
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.=
2_sparc.deb
Size/MD5: 204218 2c03e7df659884baeac446d0a87c8e9e
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45-1ubu=
ntu1.1.diff.gz
Size/MD5: 15256 100f87ac7b49fd2ad56a1baccd1aeae5
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45-1ubu=
ntu1.1.dsc
Size/MD5: 1098 74863177e20c0340d7cf225fb60ac182
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45.orig=
=2Etar.gz
Size/MD5: 377466 59106495260bb2d0f184f0d4ae88d740
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.45-=
1ubuntu1.1_all.deb
Size/MD5: 12164 c78f9591778ad9fdea8744553cfe21d0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.45=
-1ubuntu1.1_amd64.deb
Size/MD5: 219310 7d5435aeb7bd3b1c8c12c8e830f6e167
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.45=
-1ubuntu1.1_i386.deb
Size/MD5: 212322 c3053944a71e5be108251e1eadcb206c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.=
1_lpia.deb
Size/MD5: 211744 976e638797537eac32e3fd96ec0a78b9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.=
1_powerpc.deb
Size/MD5: 217828 78d5925bd54239598042b81230341f95
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.=
1_sparc.deb
Size/MD5: 213498 b43f01c34f8471173bd8177b0300f292
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47-3ubu=
ntu0.1.diff.gz
Size/MD5: 15599 54f4b48ec1ec03b06a5fa8b2706c0611
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47-3ubu=
ntu0.1.dsc
Size/MD5: 1098 786c3dc587ceb870ea724d66ff0085dc
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47.orig=
=2Etar.gz
Size/MD5: 393306 8bf2bd2dcbd5b3e7a689611d20b51126
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.47-=
3ubuntu0.1_all.deb
Size/MD5: 13004 11219fb5f0ecd525a1bfb7ce95fd5e81
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.47=
-3ubuntu0.1_amd64.deb
Size/MD5: 229344 9c43a00001bb1feef5e3340225fc4704
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.47=
-3ubuntu0.1_i386.deb
Size/MD5: 221568 e28309342282e463efdf10694046b96c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.=
1_lpia.deb
Size/MD5: 221032 19755ca579fa44543f3658d20abbcaac
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.=
1_powerpc.deb
Size/MD5: 227238 a30b637a127aa09a0425550be64c5b49
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.=
1_sparc.deb
Size/MD5: 222732 0f7dd8d1aabcad788a50b147fd1cb6ba
--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqdl3wACgkQW0JvuRdL8Bp+rACfVjSClJKRD2QT2Jv4re+xPIIq
im4AoJSVGW3KGHwqKUP5JE2UEK3sy1Fa
=oT2k
-----END PGP SIGNATURE-----
dnsmasq vulnerabilities
CVE-2009-2957, CVE-2009-2958
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
dnsmasq-base 2.41-2ubuntu2.2
Ubuntu 8.10:
dnsmasq-base 2.45-1ubuntu1.1
Ubuntu 9.04:
dnsmasq-base 2.47-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
IvAin Arce, Pablo HernAin Jorge, Alejandro Pablo Rodriguez, MartA=ADn Coco,
Alberto SoliAto Testa and Pablo Annetta discovered that Dnsmasq did not
properly validate its input when processing TFTP requests for files with
long names. A remote attacker could cause a denial of service or execute
arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by
default on Ubuntu. (CVE-2009-2957)
Steve Grubb discovered that Dnsmasq could be made to dereference a NULL
pointer when processing certain TFTP requests. A remote attacker could
cause a denial of service by sending a crafted TFTP request.
(CVE-2009-2958)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubu=
ntu2.2.diff.gz
Size/MD5: 22736 b0b1196898ba0a1d49dd3d767c1d685c
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubu=
ntu2.2.dsc
Size/MD5: 706 ecf4c36193d5063039a63f33712df6e2
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41.orig=
=2Etar.gz
Size/MD5: 357997 8d0acd6656299a800c4d1be5a1193e39
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.41-=
2ubuntu2.2_all.deb
Size/MD5: 11964 e5fa2630695acfe9caa62d0d30a89b01
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41=
-2ubuntu2.2_amd64.deb
Size/MD5: 210274 aab9865b6ad46104e28e5db9e98f6c74
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41=
-2ubuntu2.2_i386.deb
Size/MD5: 202712 36d3885ee58bdb59ae323c9ea9528f3c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.=
2_lpia.deb
Size/MD5: 203286 0c2f1dbfefdbc27905284d323be2023d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.=
2_powerpc.deb
Size/MD5: 210564 53e28b512b863f41a605979c2ae4d51e
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.=
2_sparc.deb
Size/MD5: 204218 2c03e7df659884baeac446d0a87c8e9e
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45-1ubu=
ntu1.1.diff.gz
Size/MD5: 15256 100f87ac7b49fd2ad56a1baccd1aeae5
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45-1ubu=
ntu1.1.dsc
Size/MD5: 1098 74863177e20c0340d7cf225fb60ac182
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.45.orig=
=2Etar.gz
Size/MD5: 377466 59106495260bb2d0f184f0d4ae88d740
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.45-=
1ubuntu1.1_all.deb
Size/MD5: 12164 c78f9591778ad9fdea8744553cfe21d0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.45=
-1ubuntu1.1_amd64.deb
Size/MD5: 219310 7d5435aeb7bd3b1c8c12c8e830f6e167
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.45=
-1ubuntu1.1_i386.deb
Size/MD5: 212322 c3053944a71e5be108251e1eadcb206c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.=
1_lpia.deb
Size/MD5: 211744 976e638797537eac32e3fd96ec0a78b9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.=
1_powerpc.deb
Size/MD5: 217828 78d5925bd54239598042b81230341f95
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.45-1ubuntu1.=
1_sparc.deb
Size/MD5: 213498 b43f01c34f8471173bd8177b0300f292
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47-3ubu=
ntu0.1.diff.gz
Size/MD5: 15599 54f4b48ec1ec03b06a5fa8b2706c0611
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47-3ubu=
ntu0.1.dsc
Size/MD5: 1098 786c3dc587ceb870ea724d66ff0085dc
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.47.orig=
=2Etar.gz
Size/MD5: 393306 8bf2bd2dcbd5b3e7a689611d20b51126
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dnsmasq/dnsmasq_2.47-=
3ubuntu0.1_all.deb
Size/MD5: 13004 11219fb5f0ecd525a1bfb7ce95fd5e81
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.47=
-3ubuntu0.1_amd64.deb
Size/MD5: 229344 9c43a00001bb1feef5e3340225fc4704
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.47=
-3ubuntu0.1_i386.deb
Size/MD5: 221568 e28309342282e463efdf10694046b96c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.=
1_lpia.deb
Size/MD5: 221032 19755ca579fa44543f3658d20abbcaac
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.=
1_powerpc.deb
Size/MD5: 227238 a30b637a127aa09a0425550be64c5b49
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.47-3ubuntu0.=
1_sparc.deb
Size/MD5: 222732 0f7dd8d1aabcad788a50b147fd1cb6ba
--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqdl3wACgkQW0JvuRdL8Bp+rACfVjSClJKRD2QT2Jv4re+xPIIq
im4AoJSVGW3KGHwqKUP5JE2UEK3sy1Fa
=oT2k
-----END PGP SIGNATURE-----
