Synopsis
Moderate: dnsmasq security update
Type/Severity
Security Advisory: Moderate
Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
- dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
- dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
- dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
-
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
-
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
-
Red Hat Enterprise Linux for Power 9 7 ppc64le
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
-
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Fixes
-
BZ - 1889686
- CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
-
BZ - 1889688
- CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
-
BZ - 1890125
- CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| x86_64 |
|
dnsmasq-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: e2de2356823a0a9ff4ac840d351b608f4b3372cb5c0b2354f67842d8b44b4721 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: b6506e04e5971428a468ee3dd9f2fdbb54fd1f15d7ef1a958e0384a0307f4d3b |
Red Hat Enterprise Linux Server - AUS 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| x86_64 |
|
dnsmasq-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: e2de2356823a0a9ff4ac840d351b608f4b3372cb5c0b2354f67842d8b44b4721 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: b6506e04e5971428a468ee3dd9f2fdbb54fd1f15d7ef1a958e0384a0307f4d3b |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| s390x |
|
dnsmasq-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: f4853087e75e26b72920f51fddd95d7a2c9921778c3e6901b27c669c19f0ffa6 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: 77127481a2f73f32dc88c42bbd30a6906a631a3bedf9b6d4c724b98c4aa4eff2 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: 77127481a2f73f32dc88c42bbd30a6906a631a3bedf9b6d4c724b98c4aa4eff2 |
|
dnsmasq-utils-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: 7e57551f2f69cd288cb90df2d5db1566ef47ba238c10f8a829d957c09d105d81 |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| ppc64 |
|
dnsmasq-2.76-7.el7_6.2.ppc64.rpm
|
SHA-256: 8974200e6b1895dd06c668fb7530483ae1284d27ffff3a0bdeabf71228cde2a8 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64.rpm
|
SHA-256: 26dc07cfd78913adca78b2cefe4a2ba6980a22ad72e9aa22780a4bdfb854f798 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64.rpm
|
SHA-256: 26dc07cfd78913adca78b2cefe4a2ba6980a22ad72e9aa22780a4bdfb854f798 |
|
dnsmasq-utils-2.76-7.el7_6.2.ppc64.rpm
|
SHA-256: ca082c85bb2d7bfcf281abc21ad66e5dba44476737e33f04ab76b68c07b43414 |
Red Hat Enterprise Linux EUS Compute Node 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| x86_64 |
|
dnsmasq-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: e2de2356823a0a9ff4ac840d351b608f4b3372cb5c0b2354f67842d8b44b4721 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: b6506e04e5971428a468ee3dd9f2fdbb54fd1f15d7ef1a958e0384a0307f4d3b |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| ppc64le |
|
dnsmasq-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: 07c3aa55fc2d6dbb1280d2804eb900eb4ad5fc8c4962a1248b7eb7c5be4db3b5 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: f83b5d5c776daa29c21b5271cda5498e1126c7d42dc1951d89fa4906e0c81965 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: f83b5d5c776daa29c21b5271cda5498e1126c7d42dc1951d89fa4906e0c81965 |
|
dnsmasq-utils-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: 0b738e4f49fef33e95fb361457d845dc1a270a766794cf6d201e3d01f6932978 |
Red Hat Enterprise Linux Server - TUS 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| x86_64 |
|
dnsmasq-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: e2de2356823a0a9ff4ac840d351b608f4b3372cb5c0b2354f67842d8b44b4721 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: b6506e04e5971428a468ee3dd9f2fdbb54fd1f15d7ef1a958e0384a0307f4d3b |
Red Hat Enterprise Linux for Power 9 7
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| ppc64le |
|
dnsmasq-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: 07c3aa55fc2d6dbb1280d2804eb900eb4ad5fc8c4962a1248b7eb7c5be4db3b5 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: f83b5d5c776daa29c21b5271cda5498e1126c7d42dc1951d89fa4906e0c81965 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: f83b5d5c776daa29c21b5271cda5498e1126c7d42dc1951d89fa4906e0c81965 |
|
dnsmasq-utils-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: 0b738e4f49fef33e95fb361457d845dc1a270a766794cf6d201e3d01f6932978 |
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| ppc64le |
|
dnsmasq-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: 07c3aa55fc2d6dbb1280d2804eb900eb4ad5fc8c4962a1248b7eb7c5be4db3b5 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: f83b5d5c776daa29c21b5271cda5498e1126c7d42dc1951d89fa4906e0c81965 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: f83b5d5c776daa29c21b5271cda5498e1126c7d42dc1951d89fa4906e0c81965 |
|
dnsmasq-utils-2.76-7.el7_6.2.ppc64le.rpm
|
SHA-256: 0b738e4f49fef33e95fb361457d845dc1a270a766794cf6d201e3d01f6932978 |
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| x86_64 |
|
dnsmasq-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: e2de2356823a0a9ff4ac840d351b608f4b3372cb5c0b2354f67842d8b44b4721 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: 78431f1fe82ab3d021f5694b74eb751eeef75e028f36b1f0201f1a1c75ad066d |
|
dnsmasq-utils-2.76-7.el7_6.2.x86_64.rpm
|
SHA-256: b6506e04e5971428a468ee3dd9f2fdbb54fd1f15d7ef1a958e0384a0307f4d3b |
Red Hat Enterprise Linux for IBM System z (Structure A) 7
| SRPM |
|
dnsmasq-2.76-7.el7_6.2.src.rpm
|
SHA-256: d4d05db2547a6dd64fec4bbb9e7e9580363e207ca8aa7f5971247db8e7d95964 |
| s390x |
|
dnsmasq-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: f4853087e75e26b72920f51fddd95d7a2c9921778c3e6901b27c669c19f0ffa6 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: 77127481a2f73f32dc88c42bbd30a6906a631a3bedf9b6d4c724b98c4aa4eff2 |
|
dnsmasq-debuginfo-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: 77127481a2f73f32dc88c42bbd30a6906a631a3bedf9b6d4c724b98c4aa4eff2 |
|
dnsmasq-utils-2.76-7.el7_6.2.s390x.rpm
|
SHA-256: 7e57551f2f69cd288cb90df2d5db1566ef47ba238c10f8a829d957c09d105d81 |