Red Hat Product Errata RHSA-2008:0789 - Security Advisory

Issued:: 2008-08-11
Updated:: 2008-08-11

RHSA-2008:0789 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: dnsmasq security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated dnsmasq package that implements UDP source-port randomization
is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Dnsmasq is lightweight DNS forwarder and DHCP server. It is designed to
provide DNS and, optionally, DHCP, to a small network.

The dnsmasq DNS resolver used a fixed source UDP port. This could have made
DNS spoofing attacks easier. dnsmasq has been updated to use random UDP
source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447)

All dnsmasq users are advised to upgrade to this updated package, that
upgrades dnsmasq to version 2.45, which resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 449345 - CVE-2008-1447 implement source UDP port randomization (CERT VU#800113)
BZ - 454869 - CVE-2008-1447 implement source UDP port randomization (CERT VU#800113) [rhel-5.2.z]

CVEs

CVE-2008-1447

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
dnsmasq-2.45-1.el5_2.1.src.rpm	SHA-256: 061e9d0302f6f6111cfc48e2b77f165e99b138b1ecbf2957a94657e08b86909e
x86_64
dnsmasq-2.45-1.el5_2.1.x86_64.rpm	SHA-256: 74655310f2fc465eb6f3b4664c93abea9fd0feea50326e513468d1c62de0f0ec
ia64
dnsmasq-2.45-1.el5_2.1.ia64.rpm	SHA-256: 24dee61e2f2064f5c0bd31bed057bb3830dcc0bc7029b7836a8d9d19290ac32d
i386
dnsmasq-2.45-1.el5_2.1.i386.rpm	SHA-256: 9e6bb809a7144a64c6336de0f5b88fb167586f92e4c04846366e3ef9972dfbda

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
dnsmasq-2.45-1.el5_2.1.src.rpm	SHA-256: 061e9d0302f6f6111cfc48e2b77f165e99b138b1ecbf2957a94657e08b86909e
x86_64
dnsmasq-2.45-1.el5_2.1.x86_64.rpm	SHA-256: 74655310f2fc465eb6f3b4664c93abea9fd0feea50326e513468d1c62de0f0ec
i386
dnsmasq-2.45-1.el5_2.1.i386.rpm	SHA-256: 9e6bb809a7144a64c6336de0f5b88fb167586f92e4c04846366e3ef9972dfbda

Red Hat Enterprise Linux Desktop 5

SRPM
dnsmasq-2.45-1.el5_2.1.src.rpm	SHA-256: 061e9d0302f6f6111cfc48e2b77f165e99b138b1ecbf2957a94657e08b86909e
x86_64
dnsmasq-2.45-1.el5_2.1.x86_64.rpm	SHA-256: 74655310f2fc465eb6f3b4664c93abea9fd0feea50326e513468d1c62de0f0ec
i386
dnsmasq-2.45-1.el5_2.1.i386.rpm	SHA-256: 9e6bb809a7144a64c6336de0f5b88fb167586f92e4c04846366e3ef9972dfbda

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
dnsmasq-2.45-1.el5_2.1.src.rpm	SHA-256: 061e9d0302f6f6111cfc48e2b77f165e99b138b1ecbf2957a94657e08b86909e
s390x
dnsmasq-2.45-1.el5_2.1.s390x.rpm	SHA-256: 278f31cf14b252fca8e78ba72626fdf37541c6447374cd038afefe2d341799b0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
dnsmasq-2.45-1.el5_2.1.src.rpm	SHA-256: 061e9d0302f6f6111cfc48e2b77f165e99b138b1ecbf2957a94657e08b86909e
ppc
dnsmasq-2.45-1.el5_2.1.ppc.rpm	SHA-256: fd76c8f2910382373a57214fb3d5339ac96b5610c2cd6a1431ee684058378ef7

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
dnsmasq-2.45-1.el5_2.1.src.rpm	SHA-256: 061e9d0302f6f6111cfc48e2b77f165e99b138b1ecbf2957a94657e08b86909e
x86_64
dnsmasq-2.45-1.el5_2.1.x86_64.rpm	SHA-256: 74655310f2fc465eb6f3b4664c93abea9fd0feea50326e513468d1c62de0f0ec
i386
dnsmasq-2.45-1.el5_2.1.i386.rpm	SHA-256: 9e6bb809a7144a64c6336de0f5b88fb167586f92e4c04846366e3ef9972dfbda

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories