[SECURITY] [DLA 2604-1] dnsmasq security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2604-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/
March 22, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : dnsmasq
Version : 2.76-5+deb9u3
CVE ID : CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684
CVE-2020-25687
Moshe Kol and Shlomi Oberman of JSOF discovered several
vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP
server. They could result in denial of service, cache poisoning or the
execution of arbitrary code.
For Debian 9 stretch, these problems have been fixed in version
2.76-5+deb9u3.
We recommend that you upgrade your dnsmasq packages.
For the detailed security status of dnsmasq please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dnsmasq
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmBY3ysACgkQDTl9HeUl
XjCOlBAAhWkGFlKi7DntJj9Yp2WLIB1HlSiyd6ddf76QK4jgCGPWrGAxmQUGR9fd
qEujxxyISuQ16Je2hUihS/2KULvXVYYb18JeenEIYlsfGXTXdiHYR70I9XSl6RAy
QTztUacLMZKPhE7Pza5d6ig5PXPWPrX7CAFEcQ3d6+hKacqmcsCmCHUxl4gytaEz
ALpu8mftQLylj1lvIgy6KWV8fALxD/8Z0b7+zeWk/9bECoA1zgdP89mUM4u3hSZr
grmItaLs3tXBLJ4fPuniWeS1pji1dJFG+CHD0/H/jRIRwIq6XpQyJ7Xau8y4673s
AGT478HUESVNmcqP1xoNriLuqRSo3z3aLbvO7lmq78jW9CxNG2IJZllo/cKBdFpp
gS6XoX5Hr29nmhzFuvliApvCSRwtClg+EcKX+L/nDqASsHTB6MlVrI+rTVs3KNVs
kWNZbiucSXKw94mZme/7e4tDr3ep8paf2UjvQnjkO+rWG03pyvuyncgvFxJsKDR+
a4ohNQdu9MJN5oq0VDksKHT+cTsMRT37rTWd14CKnw9e3uEbXaFIfLvwCJeX7Qqf
hYXrrOMWb329IqSf/bX7GsZmSXzds8+IbfyJWJMA6So/zJmbPc+IbLvLGDbsc9eI
rEH4ncb0zOm9WWCB08/vzKHUXZf7gS/onJjinb9u/ByzqUdq2WI=
=atvv
-----END PGP SIGNATURE-----
Reply to: