Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0217 dnsmasq security update 20 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dnsmasq Publisher: Red Hat Operating System: Red Hat UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-25687 CVE-2020-25686 CVE-2020-25685 CVE-2020-25684 CVE-2020-25683 CVE-2020-25682 CVE-2020-25681 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:0150 https://access.redhat.com/errata/RHSA-2021:0151 https://access.redhat.com/errata/RHSA-2021:0152 https://access.redhat.com/errata/RHSA-2021:0153 https://access.redhat.com/errata/RHSA-2021:0154 https://access.redhat.com/errata/RHSA-2021:0155 https://access.redhat.com/errata/RHSA-2021:0156 Comment: This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running dnsmasq check for an updated version of the software for their operating system. This bulletin contains seven (7) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: dnsmasq security update Advisory ID: RHSA-2021:0150-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0150 Issue date: 2021-01-19 CVE Names: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 ===================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681) * dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682) * dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683) * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) * dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled 1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled 1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: dnsmasq-2.79-13.el8_3.1.src.rpm aarch64: dnsmasq-2.79-13.el8_3.1.aarch64.rpm dnsmasq-debuginfo-2.79-13.el8_3.1.aarch64.rpm dnsmasq-debugsource-2.79-13.el8_3.1.aarch64.rpm dnsmasq-utils-2.79-13.el8_3.1.aarch64.rpm dnsmasq-utils-debuginfo-2.79-13.el8_3.1.aarch64.rpm ppc64le: dnsmasq-2.79-13.el8_3.1.ppc64le.rpm dnsmasq-debuginfo-2.79-13.el8_3.1.ppc64le.rpm dnsmasq-debugsource-2.79-13.el8_3.1.ppc64le.rpm dnsmasq-utils-2.79-13.el8_3.1.ppc64le.rpm dnsmasq-utils-debuginfo-2.79-13.el8_3.1.ppc64le.rpm s390x: dnsmasq-2.79-13.el8_3.1.s390x.rpm dnsmasq-debuginfo-2.79-13.el8_3.1.s390x.rpm dnsmasq-debugsource-2.79-13.el8_3.1.s390x.rpm dnsmasq-utils-2.79-13.el8_3.1.s390x.rpm dnsmasq-utils-debuginfo-2.79-13.el8_3.1.s390x.rpm x86_64: dnsmasq-2.79-13.el8_3.1.x86_64.rpm dnsmasq-debuginfo-2.79-13.el8_3.1.x86_64.rpm dnsmasq-debugsource-2.79-13.el8_3.1.x86_64.rpm dnsmasq-utils-2.79-13.el8_3.1.x86_64.rpm dnsmasq-utils-debuginfo-2.79-13.el8_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYAbejNzjgjWX9erEAQgk0A/9FxmnqHYE8Hn1es6TKcskQ21iW12qSOce x8cj5tx4AmJNfUx81W4liq2xT6cA70ruZiGuSWlnEdByKawopIRxTP3Nq/zFKwb1 XGIfAZe1xZtwBZSbbRsC+mROPzKaIAslmOzVXN2FIWAWSesNl6cmN8gBp8a3R+am tLj02/152ko3LhtPG/EjWWg4Gq4S4R72KH1di/AVdtaTIbF/CKdI5Hz5BjZa5tYt xNKXci6G0i8lHBAdTxXb1uUBRwuQuYIU2BVIga0vOkyTFJvSVpIkV55DJj+d9bPg 3zwVif2EyAWrOjHqa50olCyUoEfFxMywb64FscsbyOtJ5pXcaxG+QJtLRjL3SeUu ZlJkGctmuQnxDFeABux/qBl8st/i1v1+KQ6SG17MZ8hvuQK6E/KRw4fQR7qgczFG AbpNnIBSxKGtI2e1WQCE82PJ2ZsWoiBDKBTNtvYngFWmvRDKVIPLOsd5DZ6KFtZe BtTW4wENLzUdPRwNnDTVtKIBH6BFFVWp6aHxYD9JKE9UxPV6xCp1Zg2HQzWIoidB zLS82cgAVs6GEYeLi931IkP7bjewy2HTv1KimX5o52mdR5lsJcfqjB7fBDwS4PO8 MGZMKonmQtRX6hnqAWdoNTlt5S/Jw4Hae2QSP+YjEmF7VuwFGF8c4G3Z+bSsSVJV 8+H3Doznrqc= =N5Z0 - -----END PGP SIGNATURE----- - ----------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: dnsmasq security update Advisory ID: RHSA-2021:0151-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0151 Issue date: 2021-01-19 CVE Names: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 ===================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681) * dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682) * dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683) * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) * dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled 1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled 1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: dnsmasq-2.79-11.el8_2.2.src.rpm aarch64: dnsmasq-2.79-11.el8_2.2.aarch64.rpm dnsmasq-debuginfo-2.79-11.el8_2.2.aarch64.rpm dnsmasq-debugsource-2.79-11.el8_2.2.aarch64.rpm dnsmasq-utils-2.79-11.el8_2.2.aarch64.rpm dnsmasq-utils-debuginfo-2.79-11.el8_2.2.aarch64.rpm ppc64le: dnsmasq-2.79-11.el8_2.2.ppc64le.rpm dnsmasq-debuginfo-2.79-11.el8_2.2.ppc64le.rpm dnsmasq-debugsource-2.79-11.el8_2.2.ppc64le.rpm dnsmasq-utils-2.79-11.el8_2.2.ppc64le.rpm dnsmasq-utils-debuginfo-2.79-11.el8_2.2.ppc64le.rpm s390x: dnsmasq-2.79-11.el8_2.2.s390x.rpm dnsmasq-debuginfo-2.79-11.el8_2.2.s390x.rpm dnsmasq-debugsource-2.79-11.el8_2.2.s390x.rpm dnsmasq-utils-2.79-11.el8_2.2.s390x.rpm dnsmasq-utils-debuginfo-2.79-11.el8_2.2.s390x.rpm x86_64: dnsmasq-2.79-11.el8_2.2.x86_64.rpm dnsmasq-debuginfo-2.79-11.el8_2.2.x86_64.rpm dnsmasq-debugsource-2.79-11.el8_2.2.x86_64.rpm dnsmasq-utils-2.79-11.el8_2.2.x86_64.rpm dnsmasq-utils-debuginfo-2.79-11.el8_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYAbgy9zjgjWX9erEAQhsJg/7BiUPmYio6D87XkN9fcWf2VYynkHDOI1k 43jB7EnfLvUh/UrJSi3n3YH8a0eibMke1heXDUIuTBbv0BX5qi7QuOzmqD8bEsMq esRcEyG2BGjVZ9eC5/Enm+L2j/lOUH8EEFH3O2tqEa4/U8oD3HB5ejofQo79uLwE mGGIIc8pBzQDqGb/7ROt418VCwed5716OVmn5PV/A7zpbXf2Wg8AYBkuzm3aE/VS +Jd7JIpFXaJwbszRZ2JJwXs4sKrxM49FTMJ0TjYZgwo6waLML9Fv43f87Tz9n4Wu B56lH8OQZmJCH5tbbsrzCWa25cvf057UfBhQqj5qqsPPUL/I/oh4dEGQs58vUz+Y bnuhDQqhjfa6FbBLyAMAHJf5l6X62ZnkIIDc3xPPsiTHdtuggOLZxQiXvm9QkKuI LRReXUJVeLs2sq2SxXYHb9GqcCOV4M5K9+NpS4w/ICikKzd2RkCfVABymz2sVm7K tGW3OsTmkhWpyAczYqp8zXm9abK+kwwQqkuQeb3JBQ+WInwSab63sT/nggDH/oWM IqMb26QypNNr2cpZ/DB2HooGehSeLXNmAPrbeuIKowuKrCL0xRPTb9db2yXqttTS WUNnKM3h66Ju+Gzzk+JhtoJl3lomGIgiT1c+QXvPC9B6lmFojx8lZKsxsQ1Qkudd rwOB2/q5hRY= =vAYb - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: dnsmasq security update Advisory ID: RHSA-2021:0152-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0152 Issue date: 2021-01-19 CVE Names: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 ===================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681) * dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682) * dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683) * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) * dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled 1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled 1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: dnsmasq-2.79-6.el8_1.1.src.rpm aarch64: dnsmasq-2.79-6.el8_1.1.aarch64.rpm dnsmasq-debuginfo-2.79-6.el8_1.1.aarch64.rpm dnsmasq-debugsource-2.79-6.el8_1.1.aarch64.rpm dnsmasq-utils-2.79-6.el8_1.1.aarch64.rpm dnsmasq-utils-debuginfo-2.79-6.el8_1.1.aarch64.rpm ppc64le: dnsmasq-2.79-6.el8_1.1.ppc64le.rpm dnsmasq-debuginfo-2.79-6.el8_1.1.ppc64le.rpm dnsmasq-debugsource-2.79-6.el8_1.1.ppc64le.rpm dnsmasq-utils-2.79-6.el8_1.1.ppc64le.rpm dnsmasq-utils-debuginfo-2.79-6.el8_1.1.ppc64le.rpm s390x: dnsmasq-2.79-6.el8_1.1.s390x.rpm dnsmasq-debuginfo-2.79-6.el8_1.1.s390x.rpm dnsmasq-debugsource-2.79-6.el8_1.1.s390x.rpm dnsmasq-utils-2.79-6.el8_1.1.s390x.rpm dnsmasq-utils-debuginfo-2.79-6.el8_1.1.s390x.rpm x86_64: dnsmasq-2.79-6.el8_1.1.x86_64.rpm dnsmasq-debuginfo-2.79-6.el8_1.1.x86_64.rpm dnsmasq-debugsource-2.79-6.el8_1.1.x86_64.rpm dnsmasq-utils-2.79-6.el8_1.1.x86_64.rpm dnsmasq-utils-debuginfo-2.79-6.el8_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYAbepdzjgjWX9erEAQhK0g/9F6hzOsmqxMPcgOvWjgi/c4Yl7oamXCbh Lxv8Ytxrbov8l4idixd9Nmq1AuvWU83JvfCsDN3mkxmqK3cDf4D30DlFxFfzd1dF rjqpdY1WCmWp3dnKclXlwc7Q25X3owjsXTkZwg5RxHi4AEMdE9ACvz5lp3djGXc5 SMIjD04UG5kqdwo97IrOj3ucTztg6Fq9jq92P/Q8L4iz+0fKKu4Lsy9O7lgKDoma uSOduPeqH43BVGg0ADFJ/AvHgnkSLFX/OUhf21FLaGLqci+1YVp3Zzr45Nk1FsRj bhdytI3hLgNCFanF4sH2/2y7AvEPYimwK1Xv5oEeH2UrfBACbJyCF1a7uQocH0R2 pHkcT157+0pr/dtq1Dr6JcDXjPjph0TcyIFzCVvVgO7O0Vb3fdE7E1I95H9TR4XF +rpIejgq7+ECwIin7cY6rUNtywXNth/qIGGkMrYzsrfoArnOIWJlZtOptkZeWm1F rgvWB30x2pbFsEzubVwiBx118R2qBkR943dTcMEux/6WTS9gkFkMWCDrNzADj35a bgLhQdGHuG/QqLwN24FRYE+OzQwIQ+7IHwR4AttuUDN93k0H6cKEeHqGBb5tZyNs 4CVAneGK/kPIAJ/DI4R8lastfjOHgOpu8ZVkr0uXbqd3jnFs9nv8+7YNDbNs5l1v t8hvuxEPrIY= =KmZn - -----END PGP SIGNATURE----- - ----------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dnsmasq security update Advisory ID: RHSA-2021:0153-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0153 Issue date: 2021-01-19 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 ===================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: dnsmasq-2.76-16.el7_9.1.src.rpm x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: dnsmasq-2.76-16.el7_9.1.src.rpm x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: dnsmasq-2.76-16.el7_9.1.src.rpm ppc64: dnsmasq-2.76-16.el7_9.1.ppc64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm ppc64le: dnsmasq-2.76-16.el7_9.1.ppc64le.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm s390x: dnsmasq-2.76-16.el7_9.1.s390x.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm dnsmasq-utils-2.76-16.el7_9.1.ppc64.rpm ppc64le: dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm dnsmasq-utils-2.76-16.el7_9.1.ppc64le.rpm s390x: dnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm dnsmasq-utils-2.76-16.el7_9.1.s390x.rpm x86_64: dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: dnsmasq-2.76-16.el7_9.1.src.rpm x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYAblHdzjgjWX9erEAQg6Xg//fXZBawqLgCXhC7jToJJgUA+WoERkMbil Vs5+OP4vp+nT2iA92mQ84rLTQG2tL2xhPfMxLVl+9aCH44RjJjmQ8F/ODvYxRCe4 MopmumQIwfGMAFK/n16jHAmkg+qMZa3ehUp+LuawnsIuGtC7BmiohLTZqjxFj754 6h79AhB8/zeX1buyqEBgo8kCTy/L+TRW/Xg/ENi6a6NTnwG3f2n89oxUOCASm2cA YF2Qc1L8yqd/5YXBA8E3gRouBe2caThWUo0qrG9ois7lYIJKlxzo9sq3n6qfc8bN hZ/OAKvNSnRSrC4AW8kHVskv0hR8kC+iX05ryujBdGRLiafHl9hLGy2E0qRR3mm3 hNyjhKzBNxwZZ3gF8nOQJyWtxSYJSwbl6n01ElEs+QexMKi/f+x8hML1BS1rf/tG JuOOyLTUGjWIdmmLEKNQa/A5h0rWwJhNhVKuK+iNGXTey8C1JmeNaYpeOn8JdK1E iS8ZT48mfu8MxvGVVbv8ARfMQtsWSo1IOMD/ttUh2SPflZ1Qpd2sGTR5sIJrq2JD XlWePyzEQSL0UEJ8FgYOeJJEt9Q/gWgiug7ZBZrmanzLaNv0DA0dLsD8kE/p2mml j6kxe9R0XnpTxnDTzKmmCaEXCFsrJIg872+57VfVbCeFcwV6pZMNMFACmMI6DJgX sGV/jc2cn78= =iw2j - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------ - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dnsmasq security update Advisory ID: RHSA-2021:0154-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0154 Issue date: 2021-01-19 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 ===================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7): Source: dnsmasq-2.76-10.el7_7.2.src.rpm x86_64: dnsmasq-2.76-10.el7_7.2.x86_64.rpm dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): x86_64: dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm dnsmasq-utils-2.76-10.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: dnsmasq-2.76-10.el7_7.2.src.rpm ppc64: dnsmasq-2.76-10.el7_7.2.ppc64.rpm dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64.rpm ppc64le: dnsmasq-2.76-10.el7_7.2.ppc64le.rpm dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64le.rpm s390x: dnsmasq-2.76-10.el7_7.2.s390x.rpm dnsmasq-debuginfo-2.76-10.el7_7.2.s390x.rpm x86_64: dnsmasq-2.76-10.el7_7.2.x86_64.rpm dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.7): ppc64: dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64.rpm dnsmasq-utils-2.76-10.el7_7.2.ppc64.rpm ppc64le: dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64le.rpm dnsmasq-utils-2.76-10.el7_7.2.ppc64le.rpm s390x: dnsmasq-debuginfo-2.76-10.el7_7.2.s390x.rpm dnsmasq-utils-2.76-10.el7_7.2.s390x.rpm x86_64: dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm dnsmasq-utils-2.76-10.el7_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYAblv9zjgjWX9erEAQhqbw/8CmQI7lftuhRZBmU3VadwuiKa2WxqV96g 1dP7wqfand0peKs4NRZmz8VdnlJm/NaZNfltWJ52prrtp57nLzK3hpM8BtRVBSnY 0a9Yd2+7XJs58OUJuwlZFx1M3E/iRuz7HnjkYIU3e9AGV7e+tNE3YOvuhxBLuEcA fKeWO++NVjlC1wfeOywKo4ICDk4RXYQh+BKvXLpHpXWqNYjoAiPcgmxwLdLjuLp2 YyOLNHevb3iYaLw0krToMaXvvjBk8KwQcUSUvRKhZ0/qzZ9f638+qbKWlyb3QLVp NJCoT9fJ7/gGXedaUhE+s0TMehNt2dzNsdBntoR0vYWsVt9jZBo+sCwBFr+6Fct2 sxUhlyEVPepgs5IJ/rF/xGMWE7jxxXgP1ZPdYKsI1JB+KAXOOz6sQkLww7BbWnAS B0pTJzp132Q4mOnaOrjpzD3tsrOw/WburDfQLIVIO5p56KJQ6Dr5m7/Z9aUds8mt Bw7Rs1XLWnFZRlmOo2L7NfBkNTI1FdQAh2zxBURv4SlJAL7jnP2DskmffmAHFYaf T2obXT02RaqEv6L6QmWl/m4knqDMOn+2N10vTMkKES7SlRWwTQ77a/WScQyvYjDd rtuDuScW3kRF4maROoDC5Kl/DzABs2SQmGw2/iowrsmVKXd87w51/JUmAMx/97pX N64nqQ2htwg= =q9/8 - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------ - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dnsmasq security update Advisory ID: RHSA-2021:0155-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0155 Issue date: 2021-01-19 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 ===================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: dnsmasq-2.76-7.el7_6.2.src.rpm x86_64: dnsmasq-2.76-7.el7_6.2.x86_64.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: dnsmasq-2.76-7.el7_6.2.src.rpm ppc64: dnsmasq-2.76-7.el7_6.2.ppc64.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64.rpm ppc64le: dnsmasq-2.76-7.el7_6.2.ppc64le.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm s390x: dnsmasq-2.76-7.el7_6.2.s390x.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm x86_64: dnsmasq-2.76-7.el7_6.2.x86_64.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: dnsmasq-2.76-7.el7_6.2.src.rpm aarch64: dnsmasq-2.76-7.el7_6.2.aarch64.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.aarch64.rpm ppc64le: dnsmasq-2.76-7.el7_6.2.ppc64le.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm s390x: dnsmasq-2.76-7.el7_6.2.s390x.rpm dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64.rpm dnsmasq-utils-2.76-7.el7_6.2.ppc64.rpm ppc64le: dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm dnsmasq-utils-2.76-7.el7_6.2.ppc64le.rpm s390x: dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm dnsmasq-utils-2.76-7.el7_6.2.s390x.rpm x86_64: dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: dnsmasq-debuginfo-2.76-7.el7_6.2.aarch64.rpm dnsmasq-utils-2.76-7.el7_6.2.aarch64.rpm ppc64le: dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm dnsmasq-utils-2.76-7.el7_6.2.ppc64le.rpm s390x: dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm dnsmasq-utils-2.76-7.el7_6.2.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYAboDtzjgjWX9erEAQiLag//YhXcBUOW0sEQ8k06WYSM8OkrXPNB0+Uq 53L0qcvoOWtSIkwV1CgVsHuLTXRPyelw4l/I3hZED+ACfEOUzGqYJOoWnc2HT712 e6rf5x8NVQpWpGLJbePFasiZ4b9Oe2cbpeveWUnJJyJ+9A/SKsAeANvvzvFIvPah le699qONS1DpTqS5v1vU7qqN0ZcdEdC83CeRjeYOoFx1+a9izFg9eKPyr3RdsrjF ze9Dv+6ZeCorrwMa9fyEVtmT91vmOGy6/1f2/9YlI9j/tjDfhv4HdlbHL0u2Eg2z eBaAkitgzgZ46L63hm6fNmTs9cO1AW+c8STkFjcv44vz4MJEQ60K2NiOqvuhm7ba GgU0rAJD1cPnHrriJ4DytwDpgGOhoC2a637mt0onni0U6ZZmvcVIkVY1m7muCyVr Vry4ViX/LrBgw+C46NTKHIlgZm2IzVH/OkgLpvXmf+SoQqQoiI75QaeTe432X9ie Ot9z14n5OFOwcAvOwnzUUIAR3oOxQfyhby8tgN+bRsIFOmYceYkocwc7DWGJQ+Zk mInUwGaEVAPkZzmTgxTjc5BGFdb9Ojsl32g1KbLAUv4SaUZtYzwGUxh0sMwEG5eY 8JqCsJP+4BDFBd70g7KZDdUkySJ0v3gb5+PS7KqnnRtYJb81Dl6FBxNc7x9KL8cG 3tTxc1zVYbM= =RW1Z - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------ - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dnsmasq security update Advisory ID: RHSA-2021:0156-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0156 Issue date: 2021-01-19 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 ===================================================================== 1. Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) * dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) * dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: dnsmasq-2.76-2.el7_4.3.src.rpm x86_64: dnsmasq-2.76-2.el7_4.3.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: dnsmasq-2.76-2.el7_4.3.src.rpm ppc64le: dnsmasq-2.76-2.el7_4.3.ppc64le.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm x86_64: dnsmasq-2.76-2.el7_4.3.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: dnsmasq-2.76-2.el7_4.3.src.rpm x86_64: dnsmasq-2.76-2.el7_4.3.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: dnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm dnsmasq-utils-2.76-2.el7_4.3.ppc64le.rpm x86_64: dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYAbg5dzjgjWX9erEAQjfmA//U9huQUHWE5px5MpvL3/7ZlTnU3Q23tSz lOkHHhl4hwFmETAaVUv/Zoc1N7OfxHzC6C4ot2+rPFj+oMcZQeXUrfhKZkG5kWMn Qy/yIN9myOJ9jjM+2NmF+nQPAiIVi2fU/LkDIEYGXihDZB67/bvu2ErbX2dEOGaH ikX4JNYAVw8vnCZgRy2bbXq47Nff8oeys9sTcDWIq61Svg2mHYYtIoF4Xmz5N5u5 Gb+75FFSxlBoNQFbDyydm19UpGTGZ1dP5Giquvuv8hN0lXGDZN39TANk8FruwnB+ ibyRgzf1R3IwDKbMdkICVOtxfR6cMUXOk5fB6bygyL8Ki6o03N1/HPnQTOQ3XPDO Ya0eswXvMpG8DdhIPi6xlVhorxDj4QKaVKC82rnbb27KJP+UPC8KXfp8lEZSD0zX 56f2O2t42rjzrulnijDdeHtW6oI1MytA/hVLLM0Sdt6PYS19jflucnwP2UuZn0aR RRWjdK6Tx0OYxpPQBYVKygzm+0ke7Ee5BoGn+sYU5SZSH6ro0AlfIRVQn6XmTGUj Gotg6jc4a6HXjhrA72lkxvW9pzFVXpfiQ/VFhBblP39dcCXXyRfTSzgbutDAz7eu 5R8SwUBVIJ0e/Pp32WAMapLfKc+Pj9VG/INfwYYxtpWooy2cHk+3HZIy8gXylhCA lyNYjR6LrCc= =sh0K - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYAdaueNLKJtyKPYoAQi/aQ//cjPtCS6Yy0vNdfeD5+G1ojyRWrUVRpbY F2jsfnbURtCASL82hfJ2dGAVBABJ7CXx60I6fsysY9o2xg+CVy7+uBk2Rt6f4bqc hRDan04Hrh2VzBIYIzTJMz41w2Ye42SUG3B30MLH3qqWA176zrvSIl9OShyEtma8 ggSV7QRwEKCckLxc9T81Uz/80inulOc/Jboq2nquX4itVsW5EkQs+k8Ce9HGu3kW ILAb84Ozoe9Xbw6kJLWV8M6SZm0z/6E34e0n99ox//SycmLCWWZ6m6LiG24OhU/2 zy9AeMpCXvn3X3SMtWGqPrVGFYQOG7vOJOYzZXPEcMsSK6qNUu0tqrT/BbmLh/n+ JOCFN/4+F0QxGGkzmdhD9sasmuBHRnF0aE0Y5zAZtI2JcX/ecVhvk63Kxr96H6m5 972C/PDlG38SPWN697HfqMj+N2KVYdmtSfmMTBXbCRgNafmaxf3I0QgncteHmYM2 e2h/4YUG3rq+mFNgw/8BK3Q9C1ahJjoFBA6acXWw8vWTUJ1kCu2ANIByfqn8y0hi VO7TohNYuxnyVbEQL22JooldsxyibC5fo3MazfJMbZq4znp1E3vAxvaaTWHrBXKu v52xIQ7aI467SWsqpTsC0uDKYRLaKPJo+d2B7KZd9+CY7VQBTYXgJ1GpW6u6y8+b 7LMS9c3BMsQ= =aSGD -----END PGP SIGNATURE-----