Red Hat Product Errata RHSA-2024:1544 - Security Advisory
Issued:
2024-03-27
Updated:
2024-03-27

RHSA-2024:1544 - Security Advisory

Synopsis

Important: dnsmasq security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dnsmasq is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The dnsmasq packages contain dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fixes:

  • dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 (CVE-2023-28450)
  • dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
  • dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

Bug Fix:

  • Segmentation fault occurs in dnsmasq-2.79-26 in RHEL8

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2178948 - CVE-2023-28450 dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
  • BZ - 2263914 - CVE-2023-50387 bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
  • BZ - 2263917 - CVE-2023-50868 bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
dnsmasq-2.79-26.el8_8.4.src.rpm SHA-256: 77af8c91f014a1d89d74094a46e4b9e35c964fa719d9a5d4c970f69d00ed3646
x86_64
dnsmasq-2.79-26.el8_8.4.x86_64.rpm SHA-256: afd338d3670d228ec7bb1384d0819e04dc7220b2f288fabd36661fdd08424b46
dnsmasq-debuginfo-2.79-26.el8_8.4.x86_64.rpm SHA-256: 58555f61bb9c05650090b68e17e9402b321ccb02258e2e8e6b46a41b934e5254
dnsmasq-debugsource-2.79-26.el8_8.4.x86_64.rpm SHA-256: 505ba7f29f0f4059850c07d763f2b1198ce639c33b590b622bfca7e490e4418e
dnsmasq-utils-2.79-26.el8_8.4.x86_64.rpm SHA-256: 676cabcc1c743562c780407822c561a08bdb0836647894f0730484933082a4d3
dnsmasq-utils-debuginfo-2.79-26.el8_8.4.x86_64.rpm SHA-256: 42a74765fd20908ec99231d86e4c93acfabab5c24596d79d8cae7ad7edd4363b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
dnsmasq-2.79-26.el8_8.4.src.rpm SHA-256: 77af8c91f014a1d89d74094a46e4b9e35c964fa719d9a5d4c970f69d00ed3646
s390x
dnsmasq-2.79-26.el8_8.4.s390x.rpm SHA-256: e5e6024853aa25438e3966482f1d4e09672eb5822c63e83840ec5698d8f82b14
dnsmasq-debuginfo-2.79-26.el8_8.4.s390x.rpm SHA-256: b667f540c6bdabee0dc0eac38f82951d2f6df6b5b9990df559f63c784da6143a
dnsmasq-debugsource-2.79-26.el8_8.4.s390x.rpm SHA-256: 67b541319c78df67b980592b9c825f4e85650e531ca02397dd157c35edc18659
dnsmasq-utils-2.79-26.el8_8.4.s390x.rpm SHA-256: 632b44212f8a894b9ef9b0575570d2ae03da14ee5ace90c8f674b8fee59fe39c
dnsmasq-utils-debuginfo-2.79-26.el8_8.4.s390x.rpm SHA-256: 229ffec40a2baccc941300db92990e04aa526cd5bf26990fe8acee1a73f8d255

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
dnsmasq-2.79-26.el8_8.4.src.rpm SHA-256: 77af8c91f014a1d89d74094a46e4b9e35c964fa719d9a5d4c970f69d00ed3646
ppc64le
dnsmasq-2.79-26.el8_8.4.ppc64le.rpm SHA-256: e9d10ea8e9ce8050e2febffbb2582e2099cc3c02456ebf98b68d85271d2ae787
dnsmasq-debuginfo-2.79-26.el8_8.4.ppc64le.rpm SHA-256: ef02d2646f1a222e37949d5fbf0531004b2903fee6708f6d375d73a856f632ab
dnsmasq-debugsource-2.79-26.el8_8.4.ppc64le.rpm SHA-256: 95edd4c371933589edea3680fdc425d7c7fee182f6dc0760172499dd52f0bc46
dnsmasq-utils-2.79-26.el8_8.4.ppc64le.rpm SHA-256: 7bfccda24ef643d4689c5ea79a6ce0d4024a96c10b0f45467c2e4e39055babe4
dnsmasq-utils-debuginfo-2.79-26.el8_8.4.ppc64le.rpm SHA-256: 24387fea8561ce79460ef92891753a6a15d7abc1d1263788ef82feb9a3e458b5

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
dnsmasq-2.79-26.el8_8.4.src.rpm SHA-256: 77af8c91f014a1d89d74094a46e4b9e35c964fa719d9a5d4c970f69d00ed3646
x86_64
dnsmasq-2.79-26.el8_8.4.x86_64.rpm SHA-256: afd338d3670d228ec7bb1384d0819e04dc7220b2f288fabd36661fdd08424b46
dnsmasq-debuginfo-2.79-26.el8_8.4.x86_64.rpm SHA-256: 58555f61bb9c05650090b68e17e9402b321ccb02258e2e8e6b46a41b934e5254
dnsmasq-debugsource-2.79-26.el8_8.4.x86_64.rpm SHA-256: 505ba7f29f0f4059850c07d763f2b1198ce639c33b590b622bfca7e490e4418e
dnsmasq-utils-2.79-26.el8_8.4.x86_64.rpm SHA-256: 676cabcc1c743562c780407822c561a08bdb0836647894f0730484933082a4d3
dnsmasq-utils-debuginfo-2.79-26.el8_8.4.x86_64.rpm SHA-256: 42a74765fd20908ec99231d86e4c93acfabab5c24596d79d8cae7ad7edd4363b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
dnsmasq-2.79-26.el8_8.4.src.rpm SHA-256: 77af8c91f014a1d89d74094a46e4b9e35c964fa719d9a5d4c970f69d00ed3646
aarch64
dnsmasq-2.79-26.el8_8.4.aarch64.rpm SHA-256: 4cc1e9667f4bfeec4faf5b7c1c12fb5b68232d7a93483be6a8e0c53d070cb046
dnsmasq-debuginfo-2.79-26.el8_8.4.aarch64.rpm SHA-256: 86b3c97606e6cfb8b3396711ccf5a02701e9d54d75997945441fedbd2c89b473
dnsmasq-debugsource-2.79-26.el8_8.4.aarch64.rpm SHA-256: def325c7ca9eaf1811deea7685f4dc14241d38150f49a79d8c4ec0152d6605b9
dnsmasq-utils-2.79-26.el8_8.4.aarch64.rpm SHA-256: 52ec1d2f54ceb4ed3a1cc915989f7c7855336f5a4076696d962bfa6a6cbfcd94
dnsmasq-utils-debuginfo-2.79-26.el8_8.4.aarch64.rpm SHA-256: 975e212764f82ed085943444591a834e736fd10a2ac9107f9ffef620271c97b6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
dnsmasq-2.79-26.el8_8.4.src.rpm SHA-256: 77af8c91f014a1d89d74094a46e4b9e35c964fa719d9a5d4c970f69d00ed3646
ppc64le
dnsmasq-2.79-26.el8_8.4.ppc64le.rpm SHA-256: e9d10ea8e9ce8050e2febffbb2582e2099cc3c02456ebf98b68d85271d2ae787
dnsmasq-debuginfo-2.79-26.el8_8.4.ppc64le.rpm SHA-256: ef02d2646f1a222e37949d5fbf0531004b2903fee6708f6d375d73a856f632ab
dnsmasq-debugsource-2.79-26.el8_8.4.ppc64le.rpm SHA-256: 95edd4c371933589edea3680fdc425d7c7fee182f6dc0760172499dd52f0bc46
dnsmasq-utils-2.79-26.el8_8.4.ppc64le.rpm SHA-256: 7bfccda24ef643d4689c5ea79a6ce0d4024a96c10b0f45467c2e4e39055babe4
dnsmasq-utils-debuginfo-2.79-26.el8_8.4.ppc64le.rpm SHA-256: 24387fea8561ce79460ef92891753a6a15d7abc1d1263788ef82feb9a3e458b5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
dnsmasq-2.79-26.el8_8.4.src.rpm SHA-256: 77af8c91f014a1d89d74094a46e4b9e35c964fa719d9a5d4c970f69d00ed3646
x86_64
dnsmasq-2.79-26.el8_8.4.x86_64.rpm SHA-256: afd338d3670d228ec7bb1384d0819e04dc7220b2f288fabd36661fdd08424b46
dnsmasq-debuginfo-2.79-26.el8_8.4.x86_64.rpm SHA-256: 58555f61bb9c05650090b68e17e9402b321ccb02258e2e8e6b46a41b934e5254
dnsmasq-debugsource-2.79-26.el8_8.4.x86_64.rpm SHA-256: 505ba7f29f0f4059850c07d763f2b1198ce639c33b590b622bfca7e490e4418e
dnsmasq-utils-2.79-26.el8_8.4.x86_64.rpm SHA-256: 676cabcc1c743562c780407822c561a08bdb0836647894f0730484933082a4d3
dnsmasq-utils-debuginfo-2.79-26.el8_8.4.x86_64.rpm SHA-256: 42a74765fd20908ec99231d86e4c93acfabab5c24596d79d8cae7ad7edd4363b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.