ESB-2018.3019 - [Debian] dnsmasq: Reduced security - Unknown/unspecified 2018-10-05

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3019
                              dnsmasq update
                              5 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dnsmasq
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/10/msg00004.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Package        : dnsmasq
Version        : 2.72-3+deb8u4
Debian Bug     : 907887


dnsmasq, a DNS forwarder and DHCP server, ships the DNS Root Zone Key
Signing Key (KSK), used as the DNSSEC trust anchor. ICANN will rollover
the KSK in 11 October 2018, and DNS resolvers will need the new key
(KSK-2017) to continue performing DNSSEC validation. This dnsmasq package
update includes the latest key to prevent issues in scenarios where
dnsmasq runs with DNSSEC enabled and it is using the trusted anchors file
shipped with the package. Please note this is not the default
configuration in Debian.

For Debian 8 "Jessie", this problem has been fixed in version
2.72-3+deb8u4.

We recommend that you upgrade your dnsmasq packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- -----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEwUqnBPVvaa0NAVzHFX/a4RXx4q0FAlu12HEACgkQFX/a4RXx
4q0ExRAAlv6CkQj6ANLlpU7znsHVhCZ4AE6bij46RgxOthLg75SzZbroPzbY/MlH
HUgTHmyrLNVlAn7Bm/7uwi+GIkGMBaELChMlcpClQQSCZjYeASU+PpZZbr5wGSA1
E6CQo2yqAvn2oVrUtULwqwELeiTSigK9hAK8KvNEQ3ggP/GdVO1iueXDJMj5srG/
yIKTCyOYWs4LQCfhE9W7x8CXkHqfpwTDgNVrYs1Mm8Hx0WRkBf8TMY7aQuqm8Dxr
YdpH0RqszKmQCeurfEr3fe3qNBnlVCtts93U3KWGrvah7b6w2m+l3nCY/29Zv8J4
QVSTUswsniYG/FTQhuIyC5YGe/UsCAzqkEW+S61JGnjG8OSvWIPDSZ82d4vXdeFe
+NrRegc6qP66BxIGHM27JgTIqlvH/HaJd44kEEMpP4gxtlhCILFt/M7/RA5WPDaM
rg4NDYm6W1Td6H3+QiJRK0CHaVNRYLQ3y4BaAQhhQUTp0TNV5nU02L8x1Rkq9Lul
HDXBiK6f1cA/X9LPWBx2Z0VUV8VzCV7jSuvShhXJn7ojZnsAlNmZ0rBdvxWjim1U
kuHyZzIxPgg5tSF9nOXK4zU1mWurphNTmHJnSGTl/R7cYP0IkbOgYeZLB0GHLNBR
EpWcIkk05+dIOy4h8RuaxDBHvqv9vu2FuBxap2ZgQ7kOJwzqHA0=
=x9lS
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW7bvkGaOgq3Tt24GAQhn7xAAyJ99CMT2g2jR9SYNDR3mSGtQzHWivgIx
3XuywLaSL95mA3V1Kj2TOwSAvAWTMytVTYcjAcox5P1ayoYnNfEedtb8UZTCMIYp
GzI5TrtyRBRmM7E4bx4gLJVyVKs4+obDu99a4L/B7McHtZfxFi7wyhrMWWjefDkK
Q6Y8AG8eP5gVTpm0moqoSi5iVqGsRpkajxntVMwm9WP8JNdKxRwtm/MW6mfotV+g
KzKX2RhX6EcVh3uzwPFCqPHVqRfkqINXs8XPr4W/dqgSIaXBAXekgg9ge39M0qAL
IOxEqVPFHZLyMux2MGikhH6Colp5ddS5z2fDigf5Czo3s2Ne9cz5TgprUS5dKORy
iYhYCMpzJN7ft7uvcDAT5/tEB9AbqUZUPlep/7d0WQDpstiUDLQEc/UqekRzE+uH
MOWf9yMt3x80TVs9W5ajtLUMUC89b30CrmtfHncIzwowibKw3SjVryt01uj0JE9y
ezELF7x33eWol2UTZ4hUZpFBxWZuzlGGMmyzzWTHyP68Ru5NjvrbJxtFAbz+wBiu
e5VtM2GeAeYSZrri7kaWMFZadBQlz+sKGHtti3f46+ykcVRvZ4MBEjNhe+jn1yH0
+GUkgk2LwH9vXqP5oDYk467CpuxU96HiCq6LRIRU6vmvFoKXEguEs8GQxyVmN84G
O/g8WXhFyHg=
=yCdV
-----END PGP SIGNATURE-----

« Back to bulletins