| Summary: | net-dns/dnsmasq possibly affected by cache poisoning issue VU#800113 ? | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | chutzpah, holger, matt |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002147.html | | |
| Whiteboard: | ?? [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Matthias Geerdsen (RETIRED)
2008-07-09 10:48:49 UTC

Yes, it does appear to be affected, I will update the version in portage as soon as a fix is out.

committed net-dns/dnsmasq-2.43_rc3 which should have the fix (although it is unclear if dnsmasq is affected)
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002148.html

I've tested both versions. I noticed that in the recently committed version that dnsmasq doesn't leave a high numbered UDP port open (in my case it was 32781)

output of netstat -an | grep udp

Version 2.42:

    udp 0 0 0.0.0.0:32781 0.0.0.0:*
    udp 0 0 0.0.0.0:53 0.0.0.0:*

Version 2.43rc3:

    udp 0 0 0.0.0.0:53 0.0.0.0:*

Arches, please test and mark stable:
=net-dns/dnsmasq-2.43
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

stable on amd64

sparc stable

alpha/ia64/x86 stable

ppc64 stable

ppc stable

Since bind got a GLSA, I guess we'll have another one, but maybe we should combine with other DNS resolvers? Anyway, glsa request filed.

GLSA 200809-02