Security update for dnsmasq SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:14941-1 Final 1 1 2022-04-21T12:57:08Z current 2022-04-21T12:57:08Z 2022-04-21T12:57:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dnsmasq This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp4-dnsmasq-14941 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-202214941-1/ Link for SUSE-SU-2022:14941-1 https://lists.suse.com/pipermail/sle-security-updates/2022-April/010787.html E-Mail link for SUSE-SU-2022:14941-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1183709 SUSE Bug 1183709 https://bugzilla.suse.com/1197872 SUSE Bug 1197872 https://www.suse.com/security/cve/CVE-2021-3448/ SUSE CVE CVE-2021-3448 page https://www.suse.com/security/cve/CVE-2022-0934/ SUSE CVE CVE-2022-0934 page SUSE Linux Enterprise Server 11 SP4-LTSS dnsmasq-2.78-0.17.18.1 dnsmasq-2.78-0.17.18.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. CVE-2021-3448 SUSE Linux Enterprise Server 11 SP4-LTSS:dnsmasq-2.78-0.17.18.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214941-1/ https://www.suse.com/security/cve/CVE-2021-3448.html CVE-2021-3448 https://bugzilla.suse.com/1183709 SUSE Bug 1183709 A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. CVE-2022-0934 SUSE Linux Enterprise Server 11 SP4-LTSS:dnsmasq-2.78-0.17.18.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214941-1/ https://www.suse.com/security/cve/CVE-2022-0934.html CVE-2022-0934 https://bugzilla.suse.com/1197872 SUSE Bug 1197872