SB2018040341 - Input validation error in dnsmasq (Alpine package)
Published: April 3, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2017-15107)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2a8dcde66ca811babbbb7d8a2e11bed8dd4a0880
- https://git.alpinelinux.org/aports/commit/?id=c2e70834ec4dc383d3870aab4902a511b8855cd3
- https://git.alpinelinux.org/aports/commit/?id=05ce3aa991af874d09ffd9c8271539aaa54b53f4
- https://git.alpinelinux.org/aports/commit/?id=3ea61d40651914e0706601cd8b7c05fcaafe089a
- https://git.alpinelinux.org/aports/commit/?id=dd7e750ba07d59986e184840c84440d074db4ef1
- https://git.alpinelinux.org/aports/commit/?id=2e8a7481f51b779996e20514a1e3b950796e8fa8
- https://git.alpinelinux.org/aports/commit/?id=c5bc7b059648ce3f05252baa07a905e11c46041e
- https://git.alpinelinux.org/aports/commit/?id=cc3d92312d674250637dad701c603e3fdfedfb4e
- https://git.alpinelinux.org/aports/commit/?id=70e17b5cf82bae935c9371277ce3d632742f5488