Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 547966 (CVE-2015-3294) - <net-dns/dnsmasq-2.72-r2: unchecked return value of the setup_reply() function (CVE-2015-3294)
Summary: <net-dns/dnsmasq-2.72-r2: unchecked return value of the setup_reply() functio...
Status: RESOLVED FIXED
Alias: CVE-2015-3294
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa cleanup cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-28 07:01 UTC by Agostino Sarubbo
Modified: 2016-05-31 22:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-04-28 07:01:45 UTC
From ${URL} :

The following flaw was found in dnsmasq:

Dnsmasq does not properly check the return value of the setup_reply() function called during a tcp 
connection (by the tcp_request() function). This return value is then used as a size argument in a 
function which writes data on the client's connection. This may lead, upon successful exploitation, 
to reading the heap memory of dnsmasq.

This issue is fixed in dnsmasq-2.73rc4:

http://www.thekelleys.org.uk/dnsmasq/release-candidates/

External References:

https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1502/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Patrick McLean gentoo-dev 2015-04-28 18:17:45 UTC
Pulled in fix from git to dnsmasq-2.72-r1, it is ready for stabilization.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-06-14 20:35:17 UTC
CVE-2015-3294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3294):
  The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle
  the return value of the setup_reply function, which allows remote attackers
  to read process memory and cause a denial of service (out-of-bounds read and
  crash) via a malformed DNS request.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2015-06-16 03:40:00 UTC
(In reply to Patrick McLean from comment #1)
> Pulled in fix from git to dnsmasq-2.72-r1, it is ready for stabilization.

This was missed, do you still want to stable dnsmasq-2.72-r1 or later version as there are two later in tree.
Comment 4 Patrick McLean gentoo-dev 2015-06-16 18:18:27 UTC
Use 2.72-r2 since 2.73 is too new to be stabilized yet, and the only change from -r1 to -r2 is a lua dependency tweak.
Comment 5 Kristian Fiskerstrand gentoo-dev Security 2015-06-16 18:21:29 UTC
Arches, please stabilize: 
=net-dns/dnsmasq-2.72-r1
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 6 Kristian Fiskerstrand gentoo-dev Security 2015-06-16 18:22:37 UTC
(In reply to Kristian Fiskerstrand from comment #5)
> Arches, please stabilize: 
> =net-dns/dnsmasq-2.72-r1
> Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Sorry, misread, that should be 
=net-dns/dnsmasq-2.72-r2
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 7 Agostino Sarubbo gentoo-dev 2015-06-17 07:17:20 UTC
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-06-17 07:22:01 UTC
x86 stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-06-17 08:51:56 UTC
sparc stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-06-17 19:14:16 UTC
arm stable
Comment 11 Jeroen Roovers gentoo-dev 2015-06-19 05:26:41 UTC
Stable for HPPA.
Comment 12 Jeroen Roovers gentoo-dev 2015-06-19 06:10:58 UTC
Stable for PPC64.
Comment 13 Agostino Sarubbo gentoo-dev 2015-06-24 07:57:09 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2015-07-03 09:57:18 UTC
alpha stable
Comment 15 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-24 09:37:41 UTC
ia64 stable
Comment 16 Yury German Gentoo Infrastructure gentoo-dev Security 2015-08-04 14:11:00 UTC
Arches, Thank you for your work.
Maintainer(s), please drop the vulnerable version(s).

New GLSA Request filed.
Comment 17 Yury German Gentoo Infrastructure gentoo-dev Security 2015-10-10 02:48:36 UTC
It has been 30 days+ since cleanup requested.
Maintainer(s), please drop the vulnerable version(s).
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2015-12-17 16:39:01 UTC
This issue was resolved and addressed in
 GLSA 201512-01 at https://security.gentoo.org/glsa/201512-01
by GLSA coordinator Yury German (BlueKnight).
Comment 19 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-17 16:40:06 UTC
Re-Openning for Cleanup
Comment 20 Yury German Gentoo Infrastructure gentoo-dev Security 2016-02-25 08:21:01 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 21 Yury German Gentoo Infrastructure gentoo-dev Security 2016-04-26 07:32:24 UTC
Can we please clean up version =net-dns/dnsmasq-2.66 please. Vulnerable since last year.