OpenShift Container Platform 3.11 - DNSpooq - Multiple vulnerabilities within dnsmasq.

Solution In Progress - Updated -

Issue

Red Hat is aware of multiple issues within dnsmasq that have been branded as DNSpooq. Dnsmasq is a lightweight tool designed to provide network services including DNS and DHCP for private networks and virtualization environments. These issues are in the Domain Name System (DNS) service provided by dnsmasq and could be used by a remote attacker, with some degree of control over a dnsmasq client system, to redirect users to incorrect sites or to execute code on the machine which is hosting dnsmasq.

Two of these flaws (CVE-2020-25681 and CVE-2020-25682) have a severity impact rating of Important due to the ability to remotely execute code on a dnsmasq machine. CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, and CVE-2020-25687 have a severity impact rating of Moderate.

CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, and CVE-2020-25687 require DNSSEC to be compiled and enabled in the dnsmasq configuration. As a result, the following Red Hat product versions are impacted when using a non-default configuration:

  • Red Hat Enterprise Linux 8
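
The precondition above (DNSSEC both compiled in and enabled) can be checked as in the following added example, which is not Red Hat's diagnostic script and is not part of the original article. It relies on the "Compile time options" line of `dnsmasq --version` and the `dnssec` configuration directive; the function names and sample input are constructed for illustration, and the result says nothing about the cache poisoning CVEs, which do not depend on DNSSEC.

```shell
#!/bin/sh
# Added example (not Red Hat's diagnostic script): classify a host for the
# DNSSEC-dependent DNSpooq CVEs, which need DNSSEC compiled in AND enabled.

# dnssec_compiled VERSION_TEXT: true if the "Compile time options" line of
# `dnsmasq --version` lists DNSSEC (builds without it list "no-DNSSEC").
dnssec_compiled() {
    opts=$(printf '%s\n' "$1" | sed -n 's/^Compile time options: //p')
    case " $opts " in *" DNSSEC "*) return 0 ;; *) return 1 ;; esac
}

# dnssec_enabled FILE...: true if any readable file has an uncommented bare
# "dnssec" directive; dnssec-check-unsigned and similar options do not count.
dnssec_enabled() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*dnssec[[:space:]]*(#.*)?$' "$f"; then
            return 0
        fi
    done
    return 1
}

# dnssec_exposure VERSION_TEXT FILE...: prints one of three states.
dnssec_exposure() {
    ver=$1
    shift
    if ! dnssec_compiled "$ver"; then
        echo "dnssec-not-compiled"
    elif dnssec_enabled "$@"; then
        echo "dnssec-compiled-and-enabled"
    else
        echo "dnssec-compiled-not-enabled"
    fi
}

# Constructed sample input, so the example runs without dnsmasq installed.
SAMPLE_VER='Dnsmasq version X.YY  (constructed sample)
Compile time options: IPv6 GNU-getopt DBus no-i18n DHCP TFTP auth DNSSEC inotify'
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '#dnssec\ndnssec-check-unsigned\ncache-size=1000\n' > "$SAMPLE_DIR/off.conf"
printf 'cache-size=1000\n  dnssec  # validate answers\n' > "$SAMPLE_DIR/on.conf"

dnssec_exposure "$SAMPLE_VER" "$SAMPLE_DIR/off.conf"
dnssec_exposure "$SAMPLE_VER" "$SAMPLE_DIR/off.conf" "$SAMPLE_DIR/on.conf"
# On a real host (default RHEL paths, an assumption):
#   dnssec_exposure "$(dnsmasq --version)" /etc/dnsmasq.conf /etc/dnsmasq.d/*.conf
```

The check inspects only the files passed to it, so a `--dnssec` option given on the dnsmasq command line is not detected and should be looked for separately in the running process arguments.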

CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686 may allow an attacker to poison the DNS cache and redirect victim users to incorrect sites. They impact the following Red Hat product versions:

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8

The following Red Hat products are potentially impacted as they pull dnsmasq from the Red Hat Enterprise Linux channel. Please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current and reference the libvirt use case for more information.

  • Red Hat OpenShift Container Platform 3.11

To determine if your system is currently vulnerable to these flaws, see the Diagnose section below.

Environment

  • OpenShift Container Platform 3.11
