Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2013:0277 - Security Advisory
Issued:
2013-02-21
Updated:
2013-02-21

RHSA-2013:0277 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: dnsmasq security, bug fix and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated dnsmasq packages that fix one security issue, one bug, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

It was discovered that dnsmasq, when used in combination with certain
libvirtd configurations, could incorrectly process network packets from
network interfaces that were intended to be prohibited. A remote,
unauthenticated attacker could exploit this flaw to cause a denial of
service via DNS amplification attacks. (CVE-2012-3411)

In order to fully address this issue, libvirt package users are advised to
install updated libvirt packages. Refer to RHSA-2013:0276 for additional
information.

This update also fixes the following bug:

  • Due to a regression, the lease change script was disabled. Consequently,

the "dhcp-script" option in the /etc/dnsmasq.conf configuration file did
not work. This update corrects the problem and the "dhcp-script" option now
works as expected. (BZ#815819)

This update also adds the following enhancements:

  • Prior to this update, dnsmasq did not validate that the tftp directory

given actually existed and was a directory. Consequently, configuration
errors were not immediately reported on startup. This update improves the
code to validate the tftp root directory option. As a result, fault finding
is simplified especially when dnsmasq is called by external processes such
as libvirt. (BZ#824214)

  • The dnsmasq init script used an incorrect Process Identifier (PID) in the

"stop", "restart", and "condrestart" commands. Consequently, if there were
some dnsmasq instances running besides the system one started by the init
script, then repeated calling of "service dnsmasq" with "stop" or "restart"
would kill all running dnsmasq instances, including ones not started with
the init script. The dnsmasq init script code has been corrected to obtain
the correct PID when calling the "stop", "restart", and "condrestart"
commands. As a result, if there are dnsmasq instances running in addition
to the system one started by the init script, then by calling "service
dnsmasq" with "stop" or "restart" only the system one is stopped or
restarted. (BZ#850944)

  • When two or more dnsmasq processes were running with DHCP enabled on one

interface, DHCP RELEASE packets were sometimes lost. Consequently, when two
or more dnsmasq processes were running with DHCP enabled on one interface,
releasing IP addresses sometimes failed. This update sets the
SO_BINDTODEVICE socket option on DHCP sockets if running dnsmasq with DHCP
enabled on one interface. As a result, when two or more dnsmasq processes
are running with DHCP enabled on one interface, they can release IP
addresses as expected. (BZ#887156)

All users of dnsmasq are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 833033 - CVE-2012-3411 libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks
  • BZ - 850944 - "service dnsmasq restart (or dnsmasq package update) kills all instances of dnsmasq on system, including those started by libvirtd
  • BZ - 884957 - guest can not get NAT IP from dnsmasq-2.48-10

CVEs

  • CVE-2012-3411

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://rhn.redhat.com/errata/RHSA-2013-0276.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
x86_64
dnsmasq-2.48-13.el6.x86_64.rpm SHA-256: 31e8dd6523f064fe394b2a47a39525276275c22d7978d2ebede98bb11e9320f9
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-utils-2.48-13.el6.x86_64.rpm SHA-256: 8e7e75cc678c254efac960a3cdc7f44204298c1f24e059fcafb2183ebcee8752
i386
dnsmasq-2.48-13.el6.i686.rpm SHA-256: bb285fe2631f788cb972a375fc6bd6bad55a865511b674a09611519e548a1f04
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-utils-2.48-13.el6.i686.rpm SHA-256: f14838f3a69a9797859e2f9698681c92e6811ef3e6bcc5b46aa83359857c02b5

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
x86_64
dnsmasq-2.48-13.el6.x86_64.rpm SHA-256: 31e8dd6523f064fe394b2a47a39525276275c22d7978d2ebede98bb11e9320f9
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-utils-2.48-13.el6.x86_64.rpm SHA-256: 8e7e75cc678c254efac960a3cdc7f44204298c1f24e059fcafb2183ebcee8752
i386
dnsmasq-2.48-13.el6.i686.rpm SHA-256: bb285fe2631f788cb972a375fc6bd6bad55a865511b674a09611519e548a1f04
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-utils-2.48-13.el6.i686.rpm SHA-256: f14838f3a69a9797859e2f9698681c92e6811ef3e6bcc5b46aa83359857c02b5

Red Hat Enterprise Linux Workstation 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
x86_64
dnsmasq-2.48-13.el6.x86_64.rpm SHA-256: 31e8dd6523f064fe394b2a47a39525276275c22d7978d2ebede98bb11e9320f9
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-utils-2.48-13.el6.x86_64.rpm SHA-256: 8e7e75cc678c254efac960a3cdc7f44204298c1f24e059fcafb2183ebcee8752
i386
dnsmasq-2.48-13.el6.i686.rpm SHA-256: bb285fe2631f788cb972a375fc6bd6bad55a865511b674a09611519e548a1f04
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-utils-2.48-13.el6.i686.rpm SHA-256: f14838f3a69a9797859e2f9698681c92e6811ef3e6bcc5b46aa83359857c02b5

Red Hat Enterprise Linux Desktop 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
x86_64
dnsmasq-2.48-13.el6.x86_64.rpm SHA-256: 31e8dd6523f064fe394b2a47a39525276275c22d7978d2ebede98bb11e9320f9
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-utils-2.48-13.el6.x86_64.rpm SHA-256: 8e7e75cc678c254efac960a3cdc7f44204298c1f24e059fcafb2183ebcee8752
i386
dnsmasq-2.48-13.el6.i686.rpm SHA-256: bb285fe2631f788cb972a375fc6bd6bad55a865511b674a09611519e548a1f04
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-utils-2.48-13.el6.i686.rpm SHA-256: f14838f3a69a9797859e2f9698681c92e6811ef3e6bcc5b46aa83359857c02b5

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
s390x
dnsmasq-2.48-13.el6.s390x.rpm SHA-256: 1f357125baedb325ac284b9a8f4b863475ad60b596abf632f72445ed378d86af
dnsmasq-debuginfo-2.48-13.el6.s390x.rpm SHA-256: e57d06fa36082978e7c83aa4c94be0332d6413cd2cf432b34c62409c49f39fc8
dnsmasq-debuginfo-2.48-13.el6.s390x.rpm SHA-256: e57d06fa36082978e7c83aa4c94be0332d6413cd2cf432b34c62409c49f39fc8
dnsmasq-utils-2.48-13.el6.s390x.rpm SHA-256: 75fbd19d897c771eb419376915875cb358df9d605c5fc78b7eb6280908f48ed6

Red Hat Enterprise Linux for Power, big endian 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
ppc64
dnsmasq-2.48-13.el6.ppc64.rpm SHA-256: c8968b224f1fba1391a007d9bb4b2460a1c372f1042710db05bf73df0ea5e884
dnsmasq-debuginfo-2.48-13.el6.ppc64.rpm SHA-256: 5a7106744b7ecd5429db1b9d8c428ccbf4f71ce4b365d4b24e378102d60d3498
dnsmasq-debuginfo-2.48-13.el6.ppc64.rpm SHA-256: 5a7106744b7ecd5429db1b9d8c428ccbf4f71ce4b365d4b24e378102d60d3498
dnsmasq-utils-2.48-13.el6.ppc64.rpm SHA-256: 45c98adbc9e9960bbcf9cd4b8baac4d3021dded7a02886e18c54b557be8fb843

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
x86_64
dnsmasq-2.48-13.el6.x86_64.rpm SHA-256: 31e8dd6523f064fe394b2a47a39525276275c22d7978d2ebede98bb11e9320f9
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-utils-2.48-13.el6.x86_64.rpm SHA-256: 8e7e75cc678c254efac960a3cdc7f44204298c1f24e059fcafb2183ebcee8752

Red Hat Enterprise Linux Server from RHUI 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
x86_64
dnsmasq-2.48-13.el6.x86_64.rpm SHA-256: 31e8dd6523f064fe394b2a47a39525276275c22d7978d2ebede98bb11e9320f9
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm SHA-256: 41bc5cbe1a9183df5a46c18b246f91a58b0d485207286647d1896de80e5c9eae
dnsmasq-utils-2.48-13.el6.x86_64.rpm SHA-256: 8e7e75cc678c254efac960a3cdc7f44204298c1f24e059fcafb2183ebcee8752
i386
dnsmasq-2.48-13.el6.i686.rpm SHA-256: bb285fe2631f788cb972a375fc6bd6bad55a865511b674a09611519e548a1f04
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-debuginfo-2.48-13.el6.i686.rpm SHA-256: 090a9e0e0fb03e96335a227839c16cebf875c809204986d07883994c029a85b6
dnsmasq-utils-2.48-13.el6.i686.rpm SHA-256: f14838f3a69a9797859e2f9698681c92e6811ef3e6bcc5b46aa83359857c02b5

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
dnsmasq-2.48-13.el6.src.rpm SHA-256: 76d7f65e8ec14e1fea6a0d0b69cb4dcb13ce1e28ac312a62850360e34a187d0d
s390x
dnsmasq-2.48-13.el6.s390x.rpm SHA-256: 1f357125baedb325ac284b9a8f4b863475ad60b596abf632f72445ed378d86af
dnsmasq-debuginfo-2.48-13.el6.s390x.rpm SHA-256: e57d06fa36082978e7c83aa4c94be0332d6413cd2cf432b34c62409c49f39fc8
dnsmasq-debuginfo-2.48-13.el6.s390x.rpm SHA-256: e57d06fa36082978e7c83aa4c94be0332d6413cd2cf432b34c62409c49f39fc8
dnsmasq-utils-2.48-13.el6.s390x.rpm SHA-256: 75fbd19d897c771eb419376915875cb358df9d605c5fc78b7eb6280908f48ed6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter