Summary: | <net-dns/dnsmasq-2.78: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | arthur, chutzpah, luke |
Priority: | High | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html | ||
Whiteboard: | A1 [glsa cve] | ||
Package list: |
=net-dns/dnsmasq-2.78
|
Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2017-10-02 14:16:18 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5383e3fce7a501407d7a2e8c41efa766d3df2d67 commit 5383e3fce7a501407d7a2e8c41efa766d3df2d67 Author: Patrick McLean <chutzpah@gentoo.org> AuthorDate: 2017-10-02 16:37:09 +0000 Commit: Patrick McLean <chutzpah@gentoo.org> CommitDate: 2017-10-02 16:37:48 +0000 net-dns/dnsmasq: Version bump for #632692 Security version bump for these CVEs: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Also make the relad action use start-stop-daemon. Bug: https://bugs.gentoo.org/632692 Closes: https://bugs.gentoo.org/629284 Package-Manager: Portage-2.3.10, Repoman-2.3.3 net-dns/dnsmasq/Manifest | 1 + net-dns/dnsmasq/dnsmasq-2.78.ebuild | 198 +++++++++++++++++++++++++++++ net-dns/dnsmasq/files/dnsmasq-init-dhcp-r2 | 29 +++++ net-dns/dnsmasq/files/dnsmasq-init-r3 | 23 ++++ 4 files changed, 251 insertions(+)} net-dns/dnsmasq-2.78 is now in the tree, we should be good to stabilize. (In reply to Patrick McLean from comment #2) > net-dns/dnsmasq-2.78 is now in the tree, we should be good to stabilize. Thank you. @Arches please test and mark stable. Gentoo Security Padawan ChrisADR x86 stable amd64 stable ia64 stable ppc64 stable ppc stable hppa/sparc stable (thanks to Rolf Eike Beer) arm stable Stable on alpha. Stabilization is complete, thank you arches. @ Maintainer(s): Please clean the vulnerable versions from the tree. @ Security: Please vote on whether a glsa is needed or not. Gentoo Security Padawan Kivak This issue was resolved and addressed in GLSA 201710-27 at https://security.gentoo.org/glsa/201710-27 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup. *** Bug 630296 has been marked as a duplicate of this bug. *** *** Bug 624510 has been marked as a duplicate of this bug. *** |