Summary: | net-dns/dnsmasq 2.21 fixes remote vulnerabilities
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | minor
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://www.securityfocus.com/bid/12897/info/
Whiteboard: | B4 [glsa] koon
Reporter: | Alex <alex00882007>
Assignee: | Gentoo Security <security>
CC: | avenj, lucent, uberlord
Runtime testing required: | ---
Bug Depends on: | 87091

Description
Alex
2005-03-25 16:08:20 UTC
Local bump to 2.21 fails with netlink errors. Starting with dnsmasq-2.21 there is new code to run dnsmasq/dhcp on alias interfaces. My guess is the author was a little rushed to get the code out the door and thus it's incomplete and/or not well tested. The diff -Nrup dnsmasq-2.2{0,1} is rather large so pinpointing the exact fix needed to patch 2.20 might be a little tricky.

Created attachment 54493
dnsmasq-2.21.ebuild

Created attachment 54494
dnsmasq-2.21-nonetlink.patch

Patch to allow 2.21 to build. This is not the ideal fix but seeing as the rt netlink handling is new functionality I don't think we're really missing out on anything.

dnsmasq-2.21 committed with upstream's netlink.c fix (the correct fix is to include types.h)

Arches please test and mark stable.

Stable on ppc.

stable on amd64 and x86

Stable on SPARC

The off-by-one affects the reading of lease files which are not under the control of a remote attacker (interestingly it was found by our own audit team). That leaves us with the DNS cache poisoning things, so this is minor... but everyone agreed it needed a GLSA anyway, so I drafted one.

The off-by-one is actually two off-by-ones per evil lease entry. This bug can be triggered by anyone on the local LAN segment who sends clientid and hostnames over a certain length. It is possible this may lead to a crash when dnsmasq restarts and parses the lease file (the bugs exist in the lease file parsing code). During my tests I never saw dnsmasq crash as a result of this, hence me not filing a bug myself.

arm/ia64/s390 done

2.22 is in the tree and has a bunch of fixes, but I've committed it as ~arch due to changes not related to 2.21 regressions. Dunno if the security folks want to go through the effort of stabilizing 2.22 (2.21 is masked)

Well, we need to have a fixed stable version for people to upgrade to.
TARGET KEYWORDS="~alpha amd64 arm ~hppa ia64 mips ppc s390 ~sh sparc x86"
Arches, 2.21 was regressing in some ugly cases, please test and adjust keywords on 2.22 according to TARGET KEYWORDS.

Stable on ppc.

2.22 stable on sparc.

stable on amd64

~alpha keyworded.

Stable on mips.

Still missing x86 stable keyword to send GLSA
avenj/uberlord/x86-herd: please test and mark stable on x86

I'd ask that Uberlord please do it, as far as I know it's stable but he's the only one I can think of offhand who can confirm the 2.21 bugs are fixed for good (his setup's much more complex than mine)

Stable on x86

*** Bug 87564 has been marked as a duplicate of this bug. ***

GLSA 200504-03
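
The bug class discussed in the comments above (an off-by-one when reading hostname and client-ID fields back from a lease file), as an added example that is not dnsmasq's code and not part of the original bug report: a parser that rejects an over-length field instead of writing one byte past its buffer. The line layout `expiry mac ip hostname clientid`, the 8-character limits, and the names `take_field` and `parse_lease` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed limits, kept small so the boundary case is easy to see. */
#define HOST_MAX 8
#define CLID_MAX 8

/* Off-by-one pattern this avoids: `char host[HOST_MAX]; sscanf(s, "%8s", host);`
 * stores up to 8 characters PLUS a NUL, i.e. 9 bytes into an 8-byte buffer. */
struct lease { char host[HOST_MAX + 1]; char clid[CLID_MAX + 1]; };

/* Copy one whitespace-delimited token into dst, whose capacity `cap` includes
 * the NUL. Returns a pointer past the token, or NULL if it is missing or too long. */
static const char *take_field(const char *p, char *dst, size_t cap)
{
    size_t n;
    p += strspn(p, " \t");
    n = strcspn(p, " \t\r\n");
    if (n == 0 || n >= cap)      /* n == cap would leave no room for the NUL */
        return NULL;
    memcpy(dst, p, n);
    dst[n] = '\0';
    return p + n;
}

/* Parse "expiry mac ip hostname clientid" (assumed layout).
 * Returns 0 on success, -1 to reject the whole entry. */
int parse_lease(const char *line, struct lease *out)
{
    char skip[64];
    const char *p = line;
    int i;
    for (i = 0; i < 3; i++)      /* expiry, MAC and IP are skipped here */
        if (!(p = take_field(p, skip, sizeof skip)))
            return -1;
    if (!(p = take_field(p, out->host, sizeof out->host)))
        return -1;
    return take_field(p, out->clid, sizeof out->clid) ? 0 : -1;
}

int main(void)
{
    /* Constructed lease lines: hostname of exactly 8, then 9 characters. */
    const char *ok  = "1111 00:11:22:33:44:55 10.0.0.5 laptop01 01:aa:bb";
    const char *bad = "1111 00:11:22:33:44:55 10.0.0.5 laptop012 01:aa:bb";
    struct lease l;
    printf("%d %d\n", parse_lease(ok, &l), parse_lease(bad, &l));
    return 0;
}
```

Rejecting the entry, rather than truncating it, keeps a value supplied by a LAN client from being silently altered when the file is re-read at restart.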