Skip to main content

Security Alert: Dnsmasq Vulnerability on Linux Variants

Date:
2017-10-04 16:22:00
Status:
Closed
Brief Description:
Red Hat Product Security has announced several vulnerabilities affecting the dnsmasq service in Red Hat Enterprise Linux versions 5, 6 and 7 and Linux variants. Patches should be applied as soon as possible.
Current Status:
N/A
Services Affected:
Not Applicable
Full Description:
Red Hat Product Security has announced several vulnerabilities affecting dnsmasq (CVE-2017-14491, CVE-2017-14492 and CVE-2017-14493) that are rated as critical. There are four additional vulnerabilities that are rated as important (CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704.) If dnsmasq is being used utilized as a DNS or DHCP server, the service should be shut down until the system is patched. Below is additional information regarding these vulnerabilities. Systems not running the dnsmasq service are not at risk

https://access.redhat.com/security/vulnerabilities/3199382?sc_cid=701f2000000tiIYAAY&&elqTrackId=c458b375efcc441091034556f7db7ca8&elq=e2dba02bbb5e4a34b690258128a8c5ef&elqaid=41994&elqat=1&elqCampaignId=140797

The
Resolution tab of the preceding page includes a list of affected products and the appropriate security patch to be installed.

This service is also included in Android OS and Mac OS X as well as desktop Linux distributions such as FreeBSD, OpenBSD and NetBSD.