Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 645704 (CVE-2017-15107) - <net-dns/dnsmasq-2.79: Improper validation of wildcard synthesized NSEC records (CVE-2017-15107)
Summary: <net-dns/dnsmasq-2.79: Improper validation of wildcard synthesized NSEC recor...
Status: RESOLVED FIXED
Alias: CVE-2017-15107
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-25 15:45 UTC by GLSAMaker/CVETool Bot
Modified: 2018-07-23 17:50 UTC (History)
1 user (show)

See Also:
Package list:
net-dns/dnsmasq-2.79
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-25 15:45:55 UTC 
CVE-2017-15107 (https://nvd.nist.gov/vuln/detail/CVE-2017-15107):
  A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to
  and including 2.78. Wildcard synthesized NSEC records could be improperly
  interpreted to prove the non-existence of hostnames that actually exist.
Comment 1 Patrick McLean gentoo-dev 2018-03-19 18:13:26 UTC 
net-dns/dnsmasq-2.79 has been added to the tree including the fix for this
Comment 2 Matt Turner gentoo-dev 2018-07-16 19:01:15 UTC 
chutzpah gave the go ahead on IRC.
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-07-17 11:30:10 UTC 
amd64 stable
Comment 4 Larry the Git Cow gentoo-dev 2018-07-20 08:08:15 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d4c1a937438e351c60768345b083c103244cf47

commit 2d4c1a937438e351c60768345b083c103244cf47
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-20 07:58:59 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-20 08:07:22 +0000

    net-dns/dnsmasq: stable 2.79 for ia64, bug #645704
    
    Bug: https://bugs.gentoo.org/645704
    Package-Manager: Portage-2.3.43, Repoman-2.3.10
    RepoMan-Options: --include-arches="ia64"

 net-dns/dnsmasq/dnsmasq-2.79.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2018-07-20 12:13:30 UTC 
Stable on alpha.
Comment 6 Larry the Git Cow gentoo-dev 2018-07-20 22:24:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=574a63f82e0d44f021a5fc0b3b152d365664d6e2

commit 574a63f82e0d44f021a5fc0b3b152d365664d6e2
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-20 22:23:21 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-20 22:23:58 +0000

    net-dns/dnsmasq: stable 2.79 for hppa, bug #645704
    
    Bug: https://bugs.gentoo.org/645704
    Package-Manager: Portage-2.3.43, Repoman-2.3.10
    RepoMan-Options: --include-arches="hppa"

 net-dns/dnsmasq/dnsmasq-2.79.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2018-07-20 22:41:35 UTC 
x86 stable
Comment 8 Larry the Git Cow gentoo-dev 2018-07-20 22:48:12 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c7ed667963f01a360d2e74b67624d1026209042

commit 2c7ed667963f01a360d2e74b67624d1026209042
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-20 22:44:47 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-20 22:44:47 +0000

    net-dns/dnsmasq: stable 2.79 for ppc64, bug #645704
    
    Bug: https://bugs.gentoo.org/645704
    Package-Manager: Portage-2.3.43, Repoman-2.3.10
    RepoMan-Options: --include-arches="ppc64"

 net-dns/dnsmasq/dnsmasq-2.79.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 9 Larry the Git Cow gentoo-dev 2018-07-20 23:18:10 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b8680871cacdd83c63b3e269613144454fc0877

commit 1b8680871cacdd83c63b3e269613144454fc0877
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-20 22:51:05 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-20 23:17:43 +0000

    net-dns/dnsmasq: stable 2.79 for ppc, bug #645704
    
    Bug: https://bugs.gentoo.org/645704
    Package-Manager: Portage-2.3.43, Repoman-2.3.10
    RepoMan-Options: --include-arches="ppc"

 net-dns/dnsmasq/dnsmasq-2.79.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-07-22 02:32:01 UTC 
arm stable
Comment 11 Larry the Git Cow gentoo-dev 2018-07-22 09:00:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72c8aed202d25817dc016bf1a7c22d7d21e2dce5

commit 72c8aed202d25817dc016bf1a7c22d7d21e2dce5
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-07-22 08:45:34 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-22 09:00:12 +0000

    net-dns/dnsmasq: stable 2.79 for sparc
    
    Bug: https://bugs.gentoo.org/645704
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="sparc"

 net-dns/dnsmasq/dnsmasq-2.79.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2018-07-22 19:18:52 UTC 
GLSA Vote: No

@maintainer, please clean vulnerable.
Comment 13 Larry the Git Cow gentoo-dev 2018-07-23 17:50:17 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8cafd8008ac941241b6897de75a4fefd3df74184

commit 8cafd8008ac941241b6897de75a4fefd3df74184
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2018-07-23 17:49:53 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2018-07-23 17:49:53 +0000

    net-dns/dnsmasq: Remove 2.78 (security bug #645704)
    
    Closes: https://bugs.gentoo.org/645704
    Package-Manager: Portage-2.3.43, Repoman-2.3.10

 net-dns/dnsmasq/Manifest            |   1 -
 net-dns/dnsmasq/dnsmasq-2.78.ebuild | 195 ------------------------------------
 2 files changed, 196 deletions(-)