Debian Security Advisory
DSA-3989-1 dnsmasq -- security update
- Date Reported:
- 02 Oct 2017
- Affected Packages:
- dnsmasq
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496.
- More information:
-
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code.
For the oldstable distribution (jessie), these problems have been fixed in version 2.72-3+deb8u2.
For the stable distribution (stretch), these problems have been fixed in version 2.76-5+deb9u1.
We recommend that you upgrade your dnsmasq packages.