Red Hat Product Errata RHSA-2017:2837 - Security Advisory

Issued:: 2017-10-02
Updated:: 2017-10-02

RHSA-2017:2837 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: dnsmasq security update

Type/Severity

Security Advisory: Critical

Topic

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.2 Extended Update Support and Red Hat Enterprise Linux 7.3 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493)
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)

Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.2 x86_64
Red Hat Enterprise Linux Server - AUS 7.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2 ppc64le
Red Hat Enterprise Linux Server - TUS 7.3 x86_64
Red Hat Enterprise Linux Server - TUS 7.2 x86_64
Red Hat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.2 x86_64

Fixes

BZ - 1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies
BZ - 1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code
BZ - 1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code
BZ - 1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
x86_64
dnsmasq-2.66-21.el7_3.2.x86_64.rpm	SHA-256: 79b2584cea1b788a69422c0e171af6b6fbbe01ee9416cb512ead15032be4c52b
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm	SHA-256: d22ce5e235a82870ffae0e4da69441a20eb698411ad981ea0dbfcde38fa4f11c

Red Hat Enterprise Linux Server - Extended Update Support 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
x86_64
dnsmasq-2.66-14.el7_2.2.x86_64.rpm	SHA-256: a325060c12dcecb7eb48725f22e4da3d41f796a0befa862cba6fcc833577922b
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm	SHA-256: f85efdc59c4c8a705402b41be4e26e578e8a4109da203a8cf6ce8cf36a783fed

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
s390x
dnsmasq-2.66-21.el7_3.2.s390x.rpm	SHA-256: accd15feae9ec7bd64903d520c3f7f990ae3f5e8495d96a207217dec52edf134
dnsmasq-debuginfo-2.66-21.el7_3.2.s390x.rpm	SHA-256: 85d28faead47360feed8900a824f63d8cc8f6b028e54e5d78b896855526c06e0
dnsmasq-debuginfo-2.66-21.el7_3.2.s390x.rpm	SHA-256: 85d28faead47360feed8900a824f63d8cc8f6b028e54e5d78b896855526c06e0
dnsmasq-utils-2.66-21.el7_3.2.s390x.rpm	SHA-256: 5b9e663868a697c6f828e4ce0668a0b9e892165f4e2afd4bed0c92066f221c6b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
s390x
dnsmasq-2.66-14.el7_2.2.s390x.rpm	SHA-256: e7a7b6cf8e9c18e9b1fc9d34b390b99e798b4d55906b5004967ee1c8ec95b817
dnsmasq-debuginfo-2.66-14.el7_2.2.s390x.rpm	SHA-256: 2d3bc2ff80b0af986c98adb67e75375b8ce86c92b1a5d544154cfa1a93568844
dnsmasq-debuginfo-2.66-14.el7_2.2.s390x.rpm	SHA-256: 2d3bc2ff80b0af986c98adb67e75375b8ce86c92b1a5d544154cfa1a93568844
dnsmasq-utils-2.66-14.el7_2.2.s390x.rpm	SHA-256: ca61459d7d3dd29b5ba1fc532ed0de0881e9eebe693c393dc8264af29b23be67

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
ppc64
dnsmasq-2.66-21.el7_3.2.ppc64.rpm	SHA-256: a5390bfea376eb1c887bc67834f84ed60dd80ced6d9e68d509c5179e1f5ebad9
dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64.rpm	SHA-256: ff7879be460f699c8005eff57bcd5709d4253900f3aa002d378b37de68e80916
dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64.rpm	SHA-256: ff7879be460f699c8005eff57bcd5709d4253900f3aa002d378b37de68e80916
dnsmasq-utils-2.66-21.el7_3.2.ppc64.rpm	SHA-256: 6513f50cbec5efcb4f214f937fb40593fc7a593943eee8d607dc62a5c9030971

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
ppc64
dnsmasq-2.66-14.el7_2.2.ppc64.rpm	SHA-256: ef4775362050a371d4e1dada5cd3acba2eff7979837edf52f3d90e1917bf9100
dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64.rpm	SHA-256: 40bbcb7c36d81b8898e0eb495e1c11c37bf967eca3c9f92bf535d288fa9ba9e0
dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64.rpm	SHA-256: 40bbcb7c36d81b8898e0eb495e1c11c37bf967eca3c9f92bf535d288fa9ba9e0
dnsmasq-utils-2.66-14.el7_2.2.ppc64.rpm	SHA-256: c3bd9f379e6f5e98370199bf98dde2eeb9886c2665b13d25eb0f380f06da4aba

Red Hat Enterprise Linux EUS Compute Node 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
x86_64
dnsmasq-2.66-21.el7_3.2.x86_64.rpm	SHA-256: 79b2584cea1b788a69422c0e171af6b6fbbe01ee9416cb512ead15032be4c52b
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm	SHA-256: d22ce5e235a82870ffae0e4da69441a20eb698411ad981ea0dbfcde38fa4f11c

Red Hat Enterprise Linux EUS Compute Node 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
x86_64
dnsmasq-2.66-14.el7_2.2.x86_64.rpm	SHA-256: a325060c12dcecb7eb48725f22e4da3d41f796a0befa862cba6fcc833577922b
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm	SHA-256: f85efdc59c4c8a705402b41be4e26e578e8a4109da203a8cf6ce8cf36a783fed

Red Hat Enterprise Linux Server - AUS 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
x86_64
dnsmasq-2.66-21.el7_3.2.x86_64.rpm	SHA-256: 79b2584cea1b788a69422c0e171af6b6fbbe01ee9416cb512ead15032be4c52b
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm	SHA-256: d22ce5e235a82870ffae0e4da69441a20eb698411ad981ea0dbfcde38fa4f11c

Red Hat Enterprise Linux Server - AUS 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
x86_64
dnsmasq-2.66-14.el7_2.2.x86_64.rpm	SHA-256: a325060c12dcecb7eb48725f22e4da3d41f796a0befa862cba6fcc833577922b
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm	SHA-256: f85efdc59c4c8a705402b41be4e26e578e8a4109da203a8cf6ce8cf36a783fed

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
ppc64le
dnsmasq-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: afeb1a248429707e9501e203a08e8b3a816ec4e56c2624efd25e4b3267f433ca
dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: de4d3f92d0b2997d6fea60f91f56d22e18c71b263ba4b7ec5d78a40ab4778c40
dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: de4d3f92d0b2997d6fea60f91f56d22e18c71b263ba4b7ec5d78a40ab4778c40
dnsmasq-utils-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: ac3104bb2a3ff655d1c2e886874386c8c1b18d49faadeb99e6a6572fcffe06b9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
ppc64le
dnsmasq-2.66-14.el7_2.2.ppc64le.rpm	SHA-256: 7649900187c9d88488b6608189225dc38daa99b5f6e7a797ad0a2f1a9fc5c99a
dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64le.rpm	SHA-256: 8ccd9f7dc60f26256749c6fafa03fc3016ae6acefe5f998b09ed07693e61c4c7
dnsmasq-debuginfo-2.66-14.el7_2.2.ppc64le.rpm	SHA-256: 8ccd9f7dc60f26256749c6fafa03fc3016ae6acefe5f998b09ed07693e61c4c7
dnsmasq-utils-2.66-14.el7_2.2.ppc64le.rpm	SHA-256: c34bd304590c4df605270bbacc1e444833196bbe94dabf6d7d4af1f0d352450e

Red Hat Enterprise Linux Server - TUS 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
x86_64
dnsmasq-2.66-21.el7_3.2.x86_64.rpm	SHA-256: 79b2584cea1b788a69422c0e171af6b6fbbe01ee9416cb512ead15032be4c52b
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm	SHA-256: d22ce5e235a82870ffae0e4da69441a20eb698411ad981ea0dbfcde38fa4f11c

Red Hat Enterprise Linux Server - TUS 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
x86_64
dnsmasq-2.66-14.el7_2.2.x86_64.rpm	SHA-256: a325060c12dcecb7eb48725f22e4da3d41f796a0befa862cba6fcc833577922b
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm	SHA-256: f85efdc59c4c8a705402b41be4e26e578e8a4109da203a8cf6ce8cf36a783fed

Red Hat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
ppc64le
dnsmasq-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: afeb1a248429707e9501e203a08e8b3a816ec4e56c2624efd25e4b3267f433ca
dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: de4d3f92d0b2997d6fea60f91f56d22e18c71b263ba4b7ec5d78a40ab4778c40
dnsmasq-debuginfo-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: de4d3f92d0b2997d6fea60f91f56d22e18c71b263ba4b7ec5d78a40ab4778c40
dnsmasq-utils-2.66-21.el7_3.2.ppc64le.rpm	SHA-256: ac3104bb2a3ff655d1c2e886874386c8c1b18d49faadeb99e6a6572fcffe06b9

Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.3

SRPM
dnsmasq-2.66-21.el7_3.2.src.rpm	SHA-256: 9c37bb6d4379f30612ab66b4dcd119e9cf9b18177ec4f9fa58a328d421e80dac
x86_64
dnsmasq-2.66-21.el7_3.2.x86_64.rpm	SHA-256: 79b2584cea1b788a69422c0e171af6b6fbbe01ee9416cb512ead15032be4c52b
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-debuginfo-2.66-21.el7_3.2.x86_64.rpm	SHA-256: e34440ece5e0d8432259edda8aa7e1aaacce56509ff67c7d9ea6e6799a20de44
dnsmasq-utils-2.66-21.el7_3.2.x86_64.rpm	SHA-256: d22ce5e235a82870ffae0e4da69441a20eb698411ad981ea0dbfcde38fa4f11c

Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.2

SRPM
dnsmasq-2.66-14.el7_2.2.src.rpm	SHA-256: 6ee6bc740d1a52c4faa157fa6ca706a1d0e8df6d0c660224a1d56a62bf940b26
x86_64
dnsmasq-2.66-14.el7_2.2.x86_64.rpm	SHA-256: a325060c12dcecb7eb48725f22e4da3d41f796a0befa862cba6fcc833577922b
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-debuginfo-2.66-14.el7_2.2.x86_64.rpm	SHA-256: bbfe630122307bc4c939e7750dbafa7bcc865016bdc302a7afa89aaefb9babde
dnsmasq-utils-2.66-14.el7_2.2.x86_64.rpm	SHA-256: f85efdc59c4c8a705402b41be4e26e578e8a4109da203a8cf6ce8cf36a783fed

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.