Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3504 [SECURITY] [DLA 1921-1] dnsmasq security update 16 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dnsmasq Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-14513 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/09/msg00013.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running dnsmasq check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : dnsmasq Version : 2.72-3+deb8u5 CVE ID : CVE-2019-14513 Samuel R Lovejoy discovered a security vulnerability in dnsmasq. Carefully crafted packets by DNS servers might result in out of bounds read operations, potentially leading to a crash and denial of service. For Debian 8 "Jessie", this problem has been fixed in version 2.72-3+deb8u5. We recommend that you upgrade your dnsmasq packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - - -- Jonas Meurer - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAl17jjMACgkQUmLn/0kQ Sf5ooA//QDSu8a+HNPwkfC6P3oFKJ4g5OG6Ra+oN/gc8Q4VrzXeIQh3Ew2C6G0BQ AmlJqJrAYIKOyn2GX3Ki5CDSQ6xDBSkAGXlbEY6/Qt0ZQ8+4gmeY51Hph4ZxlHDz p8xoAhlYO6tWnJ7j2jmuaTSde3YM0rd6LMG2WCjhjRSwoTlLJQq5V88xbag/Q+i8 XWjFVsYUovnYXa9aSxc7qDiyUJrC/XtcNn68PQMgZz0JEeP43dCOGMsZNgSsZUex E30cfK2bhJfIBMJlYS18MuuRq+TDSvdk+ZgXYIQyxL0WkEeLlrPPHjjDzw/+vE10 cyCHayoREBHz5XVuRD0xqqsVFErqmR3KqCqiHoqEkyRG1W0a+ZARZ3Chg4NcA/v9 EI/4XZeWBEheq/VNRX1tcDIroOyhcs5q99v+8C8jgIPj190V63MlOsnylYPBSOZe y9nXTN+JYbBQQDvLNDj9k8fmxw2ctciKHoeOucOpeDH27x8LdA+sfCMHK7j7sGbZ nrQ9Ql4p9+oHENzL3sdcmFPXkrwMyCefV4QSlG62+7G4/14YxLUrJSXfwERpiRTa tqDOMuhlgoyRDbfz/dsyePyTW2x9aiWDP2sXERP720M/hM2nOAd6QuLdqUYodzkE MnveUQbF5tUyxZavPAFAQ9v3pB706n/uofxSoa3fT7RNqBk+q34= =P/zK - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXX8BJ2aOgq3Tt24GAQicnxAAuNIf7y+Tl21pQOnuKDHKbR9HCvbKLX1a QAW+DzLHhBg2ioW0o3a/DbwpPS5pI80Bv2FwVeIqWBP9DdOw+TLKqxZonu5D7r6m I6fVE+fAn+Tq2mklakqQK+BUOAObkAD6efufjogEPP6RwXGaPP7GH6QHN+bSZMxd KjsUYWeId+Uj4joBlZ0+92sbk8lrKR6LtjXW1LUCvXXVF2YAiHLarGD+09n8cSDW WvoLyvxdOSzLJ1KPg5oIGE4Gd4eiUXymCF1n4suJ7g0NbNKp8ULoJj8lofqn4cEr lueFlRBsPNLyNAn8Je+ssSToqbikdhb1PbzNqelUWwNYp43Wkl05JCwGEVg2wWUS Z9/ZUWYbhv8oL+20QBC5KoVye68WnMK8QN8z3CF+44QkWMNf50oQUnZtaAplx921 yT6VAButyjLTjLFExTuZ1hkgB278cp5h6k0VVEs5ofgmBCFLBTAUwro1sXfPwJK9 iOFFXd5lgESJ9f+V8GkgDvWakutO9l4Ai8ANb1Q07tvOx2MrZFNam7/izvuh48yN odKLGMTYnpa/2s17HAxu5+npcmhYYKK+WbeaEXK9kA2M9p4MvR92pURPLfgXdHcB HW86cBNO97VJKtJ9Y28lmrENZ2w/qbNCs9FHzRD+d18nr7/e+NMbG6ti3PZQmgyB eNptYk23xio= =8Cj2 -----END PGP SIGNATURE-----