-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0217
                          dnsmasq security update
                              20 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dnsmasq
Publisher:         Red Hat
Operating System:  Red Hat
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25687 CVE-2020-25686 CVE-2020-25685
                   CVE-2020-25684 CVE-2020-25683 CVE-2020-25682
                   CVE-2020-25681  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0150
   https://access.redhat.com/errata/RHSA-2021:0151
   https://access.redhat.com/errata/RHSA-2021:0152
   https://access.redhat.com/errata/RHSA-2021:0153
   https://access.redhat.com/errata/RHSA-2021:0154
   https://access.redhat.com/errata/RHSA-2021:0155
   https://access.redhat.com/errata/RHSA-2021:0156

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Red Hat. It is recommended that administrators
         running dnsmasq check for an updated version of the software for 
         their operating system.
         
         This bulletin contains seven (7) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dnsmasq security update
Advisory ID:       RHSA-2021:0150-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0150
Issue date:        2021-01-19
CVE Names:         CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 
                   CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 
                   CVE-2020-25687 
=====================================================================

1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is
enabled (CVE-2020-25681)

* dnsmasq: buffer overflow in extract_name() due to missing length check
when DNSSEC is enabled (CVE-2020-25682)

* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when
DNSSEC is enabled (CVE-2020-25683)

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset()
when DNSSEC is enabled (CVE-2020-25687)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled
1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled
1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled
1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
dnsmasq-2.79-13.el8_3.1.src.rpm

aarch64:
dnsmasq-2.79-13.el8_3.1.aarch64.rpm
dnsmasq-debuginfo-2.79-13.el8_3.1.aarch64.rpm
dnsmasq-debugsource-2.79-13.el8_3.1.aarch64.rpm
dnsmasq-utils-2.79-13.el8_3.1.aarch64.rpm
dnsmasq-utils-debuginfo-2.79-13.el8_3.1.aarch64.rpm

ppc64le:
dnsmasq-2.79-13.el8_3.1.ppc64le.rpm
dnsmasq-debuginfo-2.79-13.el8_3.1.ppc64le.rpm
dnsmasq-debugsource-2.79-13.el8_3.1.ppc64le.rpm
dnsmasq-utils-2.79-13.el8_3.1.ppc64le.rpm
dnsmasq-utils-debuginfo-2.79-13.el8_3.1.ppc64le.rpm

s390x:
dnsmasq-2.79-13.el8_3.1.s390x.rpm
dnsmasq-debuginfo-2.79-13.el8_3.1.s390x.rpm
dnsmasq-debugsource-2.79-13.el8_3.1.s390x.rpm
dnsmasq-utils-2.79-13.el8_3.1.s390x.rpm
dnsmasq-utils-debuginfo-2.79-13.el8_3.1.s390x.rpm

x86_64:
dnsmasq-2.79-13.el8_3.1.x86_64.rpm
dnsmasq-debuginfo-2.79-13.el8_3.1.x86_64.rpm
dnsmasq-debugsource-2.79-13.el8_3.1.x86_64.rpm
dnsmasq-utils-2.79-13.el8_3.1.x86_64.rpm
dnsmasq-utils-debuginfo-2.79-13.el8_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25681
https://access.redhat.com/security/cve/CVE-2020-25682
https://access.redhat.com/security/cve/CVE-2020-25683
https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/cve/CVE-2020-25687
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAbejNzjgjWX9erEAQgk0A/9FxmnqHYE8Hn1es6TKcskQ21iW12qSOce
x8cj5tx4AmJNfUx81W4liq2xT6cA70ruZiGuSWlnEdByKawopIRxTP3Nq/zFKwb1
XGIfAZe1xZtwBZSbbRsC+mROPzKaIAslmOzVXN2FIWAWSesNl6cmN8gBp8a3R+am
tLj02/152ko3LhtPG/EjWWg4Gq4S4R72KH1di/AVdtaTIbF/CKdI5Hz5BjZa5tYt
xNKXci6G0i8lHBAdTxXb1uUBRwuQuYIU2BVIga0vOkyTFJvSVpIkV55DJj+d9bPg
3zwVif2EyAWrOjHqa50olCyUoEfFxMywb64FscsbyOtJ5pXcaxG+QJtLRjL3SeUu
ZlJkGctmuQnxDFeABux/qBl8st/i1v1+KQ6SG17MZ8hvuQK6E/KRw4fQR7qgczFG
AbpNnIBSxKGtI2e1WQCE82PJ2ZsWoiBDKBTNtvYngFWmvRDKVIPLOsd5DZ6KFtZe
BtTW4wENLzUdPRwNnDTVtKIBH6BFFVWp6aHxYD9JKE9UxPV6xCp1Zg2HQzWIoidB
zLS82cgAVs6GEYeLi931IkP7bjewy2HTv1KimX5o52mdR5lsJcfqjB7fBDwS4PO8
MGZMKonmQtRX6hnqAWdoNTlt5S/Jw4Hae2QSP+YjEmF7VuwFGF8c4G3Z+bSsSVJV
8+H3Doznrqc=
=N5Z0
- -----END PGP SIGNATURE-----

- -----------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dnsmasq security update
Advisory ID:       RHSA-2021:0151-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0151
Issue date:        2021-01-19
CVE Names:         CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 
                   CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 
                   CVE-2020-25687 
=====================================================================

1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is
enabled (CVE-2020-25681)

* dnsmasq: buffer overflow in extract_name() due to missing length check
when DNSSEC is enabled (CVE-2020-25682)

* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when
DNSSEC is enabled (CVE-2020-25683)

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset()
when DNSSEC is enabled (CVE-2020-25687)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled
1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled
1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled
1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
dnsmasq-2.79-11.el8_2.2.src.rpm

aarch64:
dnsmasq-2.79-11.el8_2.2.aarch64.rpm
dnsmasq-debuginfo-2.79-11.el8_2.2.aarch64.rpm
dnsmasq-debugsource-2.79-11.el8_2.2.aarch64.rpm
dnsmasq-utils-2.79-11.el8_2.2.aarch64.rpm
dnsmasq-utils-debuginfo-2.79-11.el8_2.2.aarch64.rpm

ppc64le:
dnsmasq-2.79-11.el8_2.2.ppc64le.rpm
dnsmasq-debuginfo-2.79-11.el8_2.2.ppc64le.rpm
dnsmasq-debugsource-2.79-11.el8_2.2.ppc64le.rpm
dnsmasq-utils-2.79-11.el8_2.2.ppc64le.rpm
dnsmasq-utils-debuginfo-2.79-11.el8_2.2.ppc64le.rpm

s390x:
dnsmasq-2.79-11.el8_2.2.s390x.rpm
dnsmasq-debuginfo-2.79-11.el8_2.2.s390x.rpm
dnsmasq-debugsource-2.79-11.el8_2.2.s390x.rpm
dnsmasq-utils-2.79-11.el8_2.2.s390x.rpm
dnsmasq-utils-debuginfo-2.79-11.el8_2.2.s390x.rpm

x86_64:
dnsmasq-2.79-11.el8_2.2.x86_64.rpm
dnsmasq-debuginfo-2.79-11.el8_2.2.x86_64.rpm
dnsmasq-debugsource-2.79-11.el8_2.2.x86_64.rpm
dnsmasq-utils-2.79-11.el8_2.2.x86_64.rpm
dnsmasq-utils-debuginfo-2.79-11.el8_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25681
https://access.redhat.com/security/cve/CVE-2020-25682
https://access.redhat.com/security/cve/CVE-2020-25683
https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/cve/CVE-2020-25687
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAbgy9zjgjWX9erEAQhsJg/7BiUPmYio6D87XkN9fcWf2VYynkHDOI1k
43jB7EnfLvUh/UrJSi3n3YH8a0eibMke1heXDUIuTBbv0BX5qi7QuOzmqD8bEsMq
esRcEyG2BGjVZ9eC5/Enm+L2j/lOUH8EEFH3O2tqEa4/U8oD3HB5ejofQo79uLwE
mGGIIc8pBzQDqGb/7ROt418VCwed5716OVmn5PV/A7zpbXf2Wg8AYBkuzm3aE/VS
+Jd7JIpFXaJwbszRZ2JJwXs4sKrxM49FTMJ0TjYZgwo6waLML9Fv43f87Tz9n4Wu
B56lH8OQZmJCH5tbbsrzCWa25cvf057UfBhQqj5qqsPPUL/I/oh4dEGQs58vUz+Y
bnuhDQqhjfa6FbBLyAMAHJf5l6X62ZnkIIDc3xPPsiTHdtuggOLZxQiXvm9QkKuI
LRReXUJVeLs2sq2SxXYHb9GqcCOV4M5K9+NpS4w/ICikKzd2RkCfVABymz2sVm7K
tGW3OsTmkhWpyAczYqp8zXm9abK+kwwQqkuQeb3JBQ+WInwSab63sT/nggDH/oWM
IqMb26QypNNr2cpZ/DB2HooGehSeLXNmAPrbeuIKowuKrCL0xRPTb9db2yXqttTS
WUNnKM3h66Ju+Gzzk+JhtoJl3lomGIgiT1c+QXvPC9B6lmFojx8lZKsxsQ1Qkudd
rwOB2/q5hRY=
=vAYb
- -----END PGP SIGNATURE-----

- -------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dnsmasq security update
Advisory ID:       RHSA-2021:0152-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0152
Issue date:        2021-01-19
CVE Names:         CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 
                   CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 
                   CVE-2020-25687 
=====================================================================

1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is
enabled (CVE-2020-25681)

* dnsmasq: buffer overflow in extract_name() due to missing length check
when DNSSEC is enabled (CVE-2020-25682)

* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when
DNSSEC is enabled (CVE-2020-25683)

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset()
when DNSSEC is enabled (CVE-2020-25687)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled
1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled
1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled
1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
dnsmasq-2.79-6.el8_1.1.src.rpm

aarch64:
dnsmasq-2.79-6.el8_1.1.aarch64.rpm
dnsmasq-debuginfo-2.79-6.el8_1.1.aarch64.rpm
dnsmasq-debugsource-2.79-6.el8_1.1.aarch64.rpm
dnsmasq-utils-2.79-6.el8_1.1.aarch64.rpm
dnsmasq-utils-debuginfo-2.79-6.el8_1.1.aarch64.rpm

ppc64le:
dnsmasq-2.79-6.el8_1.1.ppc64le.rpm
dnsmasq-debuginfo-2.79-6.el8_1.1.ppc64le.rpm
dnsmasq-debugsource-2.79-6.el8_1.1.ppc64le.rpm
dnsmasq-utils-2.79-6.el8_1.1.ppc64le.rpm
dnsmasq-utils-debuginfo-2.79-6.el8_1.1.ppc64le.rpm

s390x:
dnsmasq-2.79-6.el8_1.1.s390x.rpm
dnsmasq-debuginfo-2.79-6.el8_1.1.s390x.rpm
dnsmasq-debugsource-2.79-6.el8_1.1.s390x.rpm
dnsmasq-utils-2.79-6.el8_1.1.s390x.rpm
dnsmasq-utils-debuginfo-2.79-6.el8_1.1.s390x.rpm

x86_64:
dnsmasq-2.79-6.el8_1.1.x86_64.rpm
dnsmasq-debuginfo-2.79-6.el8_1.1.x86_64.rpm
dnsmasq-debugsource-2.79-6.el8_1.1.x86_64.rpm
dnsmasq-utils-2.79-6.el8_1.1.x86_64.rpm
dnsmasq-utils-debuginfo-2.79-6.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25681
https://access.redhat.com/security/cve/CVE-2020-25682
https://access.redhat.com/security/cve/CVE-2020-25683
https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/cve/CVE-2020-25687
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAbepdzjgjWX9erEAQhK0g/9F6hzOsmqxMPcgOvWjgi/c4Yl7oamXCbh
Lxv8Ytxrbov8l4idixd9Nmq1AuvWU83JvfCsDN3mkxmqK3cDf4D30DlFxFfzd1dF
rjqpdY1WCmWp3dnKclXlwc7Q25X3owjsXTkZwg5RxHi4AEMdE9ACvz5lp3djGXc5
SMIjD04UG5kqdwo97IrOj3ucTztg6Fq9jq92P/Q8L4iz+0fKKu4Lsy9O7lgKDoma
uSOduPeqH43BVGg0ADFJ/AvHgnkSLFX/OUhf21FLaGLqci+1YVp3Zzr45Nk1FsRj
bhdytI3hLgNCFanF4sH2/2y7AvEPYimwK1Xv5oEeH2UrfBACbJyCF1a7uQocH0R2
pHkcT157+0pr/dtq1Dr6JcDXjPjph0TcyIFzCVvVgO7O0Vb3fdE7E1I95H9TR4XF
+rpIejgq7+ECwIin7cY6rUNtywXNth/qIGGkMrYzsrfoArnOIWJlZtOptkZeWm1F
rgvWB30x2pbFsEzubVwiBx118R2qBkR943dTcMEux/6WTS9gkFkMWCDrNzADj35a
bgLhQdGHuG/QqLwN24FRYE+OzQwIQ+7IHwR4AttuUDN93k0H6cKEeHqGBb5tZyNs
4CVAneGK/kPIAJ/DI4R8lastfjOHgOpu8ZVkr0uXbqd3jnFs9nv8+7YNDbNs5l1v
t8hvuxEPrIY=
=KmZn
- -----END PGP SIGNATURE-----

- -----------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dnsmasq security update
Advisory ID:       RHSA-2021:0153-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0153
Issue date:        2021-01-19
CVE Names:         CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 
=====================================================================

1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
dnsmasq-2.76-16.el7_9.1.src.rpm

x86_64:
dnsmasq-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
dnsmasq-2.76-16.el7_9.1.src.rpm

x86_64:
dnsmasq-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
dnsmasq-2.76-16.el7_9.1.src.rpm

ppc64:
dnsmasq-2.76-16.el7_9.1.ppc64.rpm
dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm

ppc64le:
dnsmasq-2.76-16.el7_9.1.ppc64le.rpm
dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm

s390x:
dnsmasq-2.76-16.el7_9.1.s390x.rpm
dnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm

x86_64:
dnsmasq-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm
dnsmasq-utils-2.76-16.el7_9.1.ppc64.rpm

ppc64le:
dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm
dnsmasq-utils-2.76-16.el7_9.1.ppc64le.rpm

s390x:
dnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm
dnsmasq-utils-2.76-16.el7_9.1.s390x.rpm

x86_64:
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
dnsmasq-2.76-16.el7_9.1.src.rpm

x86_64:
dnsmasq-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAblHdzjgjWX9erEAQg6Xg//fXZBawqLgCXhC7jToJJgUA+WoERkMbil
Vs5+OP4vp+nT2iA92mQ84rLTQG2tL2xhPfMxLVl+9aCH44RjJjmQ8F/ODvYxRCe4
MopmumQIwfGMAFK/n16jHAmkg+qMZa3ehUp+LuawnsIuGtC7BmiohLTZqjxFj754
6h79AhB8/zeX1buyqEBgo8kCTy/L+TRW/Xg/ENi6a6NTnwG3f2n89oxUOCASm2cA
YF2Qc1L8yqd/5YXBA8E3gRouBe2caThWUo0qrG9ois7lYIJKlxzo9sq3n6qfc8bN
hZ/OAKvNSnRSrC4AW8kHVskv0hR8kC+iX05ryujBdGRLiafHl9hLGy2E0qRR3mm3
hNyjhKzBNxwZZ3gF8nOQJyWtxSYJSwbl6n01ElEs+QexMKi/f+x8hML1BS1rf/tG
JuOOyLTUGjWIdmmLEKNQa/A5h0rWwJhNhVKuK+iNGXTey8C1JmeNaYpeOn8JdK1E
iS8ZT48mfu8MxvGVVbv8ARfMQtsWSo1IOMD/ttUh2SPflZ1Qpd2sGTR5sIJrq2JD
XlWePyzEQSL0UEJ8FgYOeJJEt9Q/gWgiug7ZBZrmanzLaNv0DA0dLsD8kE/p2mml
j6kxe9R0XnpTxnDTzKmmCaEXCFsrJIg872+57VfVbCeFcwV6pZMNMFACmMI6DJgX
sGV/jc2cn78=
=iw2j
- -----END PGP SIGNATURE-----

- ------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dnsmasq security update
Advisory ID:       RHSA-2021:0154-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0154
Issue date:        2021-01-19
CVE Names:         CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 
=====================================================================

1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source:
dnsmasq-2.76-10.el7_7.2.src.rpm

x86_64:
dnsmasq-2.76-10.el7_7.2.x86_64.rpm
dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

x86_64:
dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm
dnsmasq-utils-2.76-10.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
dnsmasq-2.76-10.el7_7.2.src.rpm

ppc64:
dnsmasq-2.76-10.el7_7.2.ppc64.rpm
dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64.rpm

ppc64le:
dnsmasq-2.76-10.el7_7.2.ppc64le.rpm
dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64le.rpm

s390x:
dnsmasq-2.76-10.el7_7.2.s390x.rpm
dnsmasq-debuginfo-2.76-10.el7_7.2.s390x.rpm

x86_64:
dnsmasq-2.76-10.el7_7.2.x86_64.rpm
dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.7):

ppc64:
dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64.rpm
dnsmasq-utils-2.76-10.el7_7.2.ppc64.rpm

ppc64le:
dnsmasq-debuginfo-2.76-10.el7_7.2.ppc64le.rpm
dnsmasq-utils-2.76-10.el7_7.2.ppc64le.rpm

s390x:
dnsmasq-debuginfo-2.76-10.el7_7.2.s390x.rpm
dnsmasq-utils-2.76-10.el7_7.2.s390x.rpm

x86_64:
dnsmasq-debuginfo-2.76-10.el7_7.2.x86_64.rpm
dnsmasq-utils-2.76-10.el7_7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAblv9zjgjWX9erEAQhqbw/8CmQI7lftuhRZBmU3VadwuiKa2WxqV96g
1dP7wqfand0peKs4NRZmz8VdnlJm/NaZNfltWJ52prrtp57nLzK3hpM8BtRVBSnY
0a9Yd2+7XJs58OUJuwlZFx1M3E/iRuz7HnjkYIU3e9AGV7e+tNE3YOvuhxBLuEcA
fKeWO++NVjlC1wfeOywKo4ICDk4RXYQh+BKvXLpHpXWqNYjoAiPcgmxwLdLjuLp2
YyOLNHevb3iYaLw0krToMaXvvjBk8KwQcUSUvRKhZ0/qzZ9f638+qbKWlyb3QLVp
NJCoT9fJ7/gGXedaUhE+s0TMehNt2dzNsdBntoR0vYWsVt9jZBo+sCwBFr+6Fct2
sxUhlyEVPepgs5IJ/rF/xGMWE7jxxXgP1ZPdYKsI1JB+KAXOOz6sQkLww7BbWnAS
B0pTJzp132Q4mOnaOrjpzD3tsrOw/WburDfQLIVIO5p56KJQ6Dr5m7/Z9aUds8mt
Bw7Rs1XLWnFZRlmOo2L7NfBkNTI1FdQAh2zxBURv4SlJAL7jnP2DskmffmAHFYaf
T2obXT02RaqEv6L6QmWl/m4knqDMOn+2N10vTMkKES7SlRWwTQ77a/WScQyvYjDd
rtuDuScW3kRF4maROoDC5Kl/DzABs2SQmGw2/iowrsmVKXd87w51/JUmAMx/97pX
N64nqQ2htwg=
=q9/8
- -----END PGP SIGNATURE-----

- ------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dnsmasq security update
Advisory ID:       RHSA-2021:0155-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0155
Issue date:        2021-01-19
CVE Names:         CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 
=====================================================================

1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source:
dnsmasq-2.76-7.el7_6.2.src.rpm

x86_64:
dnsmasq-2.76-7.el7_6.2.x86_64.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64:
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
dnsmasq-2.76-7.el7_6.2.src.rpm

ppc64:
dnsmasq-2.76-7.el7_6.2.ppc64.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64.rpm

ppc64le:
dnsmasq-2.76-7.el7_6.2.ppc64le.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm

s390x:
dnsmasq-2.76-7.el7_6.2.s390x.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm

x86_64:
dnsmasq-2.76-7.el7_6.2.x86_64.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
dnsmasq-2.76-7.el7_6.2.src.rpm

aarch64:
dnsmasq-2.76-7.el7_6.2.aarch64.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.aarch64.rpm

ppc64le:
dnsmasq-2.76-7.el7_6.2.ppc64le.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm

s390x:
dnsmasq-2.76-7.el7_6.2.s390x.rpm
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64:
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64.rpm
dnsmasq-utils-2.76-7.el7_6.2.ppc64.rpm

ppc64le:
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
dnsmasq-utils-2.76-7.el7_6.2.ppc64le.rpm

s390x:
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm
dnsmasq-utils-2.76-7.el7_6.2.s390x.rpm

x86_64:
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
dnsmasq-debuginfo-2.76-7.el7_6.2.aarch64.rpm
dnsmasq-utils-2.76-7.el7_6.2.aarch64.rpm

ppc64le:
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
dnsmasq-utils-2.76-7.el7_6.2.ppc64le.rpm

s390x:
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm
dnsmasq-utils-2.76-7.el7_6.2.s390x.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAboDtzjgjWX9erEAQiLag//YhXcBUOW0sEQ8k06WYSM8OkrXPNB0+Uq
53L0qcvoOWtSIkwV1CgVsHuLTXRPyelw4l/I3hZED+ACfEOUzGqYJOoWnc2HT712
e6rf5x8NVQpWpGLJbePFasiZ4b9Oe2cbpeveWUnJJyJ+9A/SKsAeANvvzvFIvPah
le699qONS1DpTqS5v1vU7qqN0ZcdEdC83CeRjeYOoFx1+a9izFg9eKPyr3RdsrjF
ze9Dv+6ZeCorrwMa9fyEVtmT91vmOGy6/1f2/9YlI9j/tjDfhv4HdlbHL0u2Eg2z
eBaAkitgzgZ46L63hm6fNmTs9cO1AW+c8STkFjcv44vz4MJEQ60K2NiOqvuhm7ba
GgU0rAJD1cPnHrriJ4DytwDpgGOhoC2a637mt0onni0U6ZZmvcVIkVY1m7muCyVr
Vry4ViX/LrBgw+C46NTKHIlgZm2IzVH/OkgLpvXmf+SoQqQoiI75QaeTe432X9ie
Ot9z14n5OFOwcAvOwnzUUIAR3oOxQfyhby8tgN+bRsIFOmYceYkocwc7DWGJQ+Zk
mInUwGaEVAPkZzmTgxTjc5BGFdb9Ojsl32g1KbLAUv4SaUZtYzwGUxh0sMwEG5eY
8JqCsJP+4BDFBd70g7KZDdUkySJ0v3gb5+PS7KqnnRtYJb81Dl6FBxNc7x9KL8cG
3tTxc1zVYbM=
=RW1Z
- -----END PGP SIGNATURE-----

- ------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dnsmasq security update
Advisory ID:       RHSA-2021:0156-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0156
Issue date:        2021-01-19
CVE Names:         CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 
=====================================================================

1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
dnsmasq-2.76-2.el7_4.3.src.rpm

x86_64:
dnsmasq-2.76-2.el7_4.3.x86_64.rpm
dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source:
dnsmasq-2.76-2.el7_4.3.src.rpm

ppc64le:
dnsmasq-2.76-2.el7_4.3.ppc64le.rpm
dnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm

x86_64:
dnsmasq-2.76-2.el7_4.3.x86_64.rpm
dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source:
dnsmasq-2.76-2.el7_4.3.src.rpm

x86_64:
dnsmasq-2.76-2.el7_4.3.x86_64.rpm
dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:
dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm
dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.4):

ppc64le:
dnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm
dnsmasq-utils-2.76-2.el7_4.3.ppc64le.rpm

x86_64:
dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm
dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.4):

x86_64:
dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm
dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAbg5dzjgjWX9erEAQjfmA//U9huQUHWE5px5MpvL3/7ZlTnU3Q23tSz
lOkHHhl4hwFmETAaVUv/Zoc1N7OfxHzC6C4ot2+rPFj+oMcZQeXUrfhKZkG5kWMn
Qy/yIN9myOJ9jjM+2NmF+nQPAiIVi2fU/LkDIEYGXihDZB67/bvu2ErbX2dEOGaH
ikX4JNYAVw8vnCZgRy2bbXq47Nff8oeys9sTcDWIq61Svg2mHYYtIoF4Xmz5N5u5
Gb+75FFSxlBoNQFbDyydm19UpGTGZ1dP5Giquvuv8hN0lXGDZN39TANk8FruwnB+
ibyRgzf1R3IwDKbMdkICVOtxfR6cMUXOk5fB6bygyL8Ki6o03N1/HPnQTOQ3XPDO
Ya0eswXvMpG8DdhIPi6xlVhorxDj4QKaVKC82rnbb27KJP+UPC8KXfp8lEZSD0zX
56f2O2t42rjzrulnijDdeHtW6oI1MytA/hVLLM0Sdt6PYS19jflucnwP2UuZn0aR
RRWjdK6Tx0OYxpPQBYVKygzm+0ke7Ee5BoGn+sYU5SZSH6ro0AlfIRVQn6XmTGUj
Gotg6jc4a6HXjhrA72lkxvW9pzFVXpfiQ/VFhBblP39dcCXXyRfTSzgbutDAz7eu
5R8SwUBVIJ0e/Pp32WAMapLfKc+Pj9VG/INfwYYxtpWooy2cHk+3HZIy8gXylhCA
lyNYjR6LrCc=
=sh0K
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYAdaueNLKJtyKPYoAQi/aQ//cjPtCS6Yy0vNdfeD5+G1ojyRWrUVRpbY
F2jsfnbURtCASL82hfJ2dGAVBABJ7CXx60I6fsysY9o2xg+CVy7+uBk2Rt6f4bqc
hRDan04Hrh2VzBIYIzTJMz41w2Ye42SUG3B30MLH3qqWA176zrvSIl9OShyEtma8
ggSV7QRwEKCckLxc9T81Uz/80inulOc/Jboq2nquX4itVsW5EkQs+k8Ce9HGu3kW
ILAb84Ozoe9Xbw6kJLWV8M6SZm0z/6E34e0n99ox//SycmLCWWZ6m6LiG24OhU/2
zy9AeMpCXvn3X3SMtWGqPrVGFYQOG7vOJOYzZXPEcMsSK6qNUu0tqrT/BbmLh/n+
JOCFN/4+F0QxGGkzmdhD9sasmuBHRnF0aE0Y5zAZtI2JcX/ecVhvk63Kxr96H6m5
972C/PDlG38SPWN697HfqMj+N2KVYdmtSfmMTBXbCRgNafmaxf3I0QgncteHmYM2
e2h/4YUG3rq+mFNgw/8BK3Q9C1ahJjoFBA6acXWw8vWTUJ1kCu2ANIByfqn8y0hi
VO7TohNYuxnyVbEQL22JooldsxyibC5fo3MazfJMbZq4znp1E3vAxvaaTWHrBXKu
v52xIQ7aI467SWsqpTsC0uDKYRLaKPJo+d2B7KZd9+CY7VQBTYXgJ1GpW6u6y8+b
7LMS9c3BMsQ=
=aSGD
-----END PGP SIGNATURE-----