Security update for dnsmasq
| Announcement ID: | SUSE-SU-2025:20118-1 |
|---|---|
| Release Date: | 2025-02-03T09:22:41Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
This update for dnsmasq fixes the following issues:
-
Update to 2.90:
-
CVE-2023-50387, CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses (bsc#1219823, bsc#1219826).
- Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix length is not exactly divisible by 8 (IPv4) or 4 (IPv6).
- Fix possible SEGV when there server(s) for a particular domain are configured, but no server which is not qualified for a particular domain.
- Set the default maximum DNS UDP packet sice to 1232.
- Add --no-dhcpv4-interface and --no-dhcpv6-interface for better control over which interfaces are providing DHCP service.
- Fix issue with stale caching
- Add configurable caching for arbitrary RR-types.
-
Add --filter-rr option, to filter arbitrary RR-types.
-
SLP got dropped, remove config (bsc#1214884)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Micro 6.0
zypper in -t patch SUSE-SLE-Micro-6.0-185=1
Package List:
-
SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
- dnsmasq-debugsource-2.90-1.1
- dnsmasq-debuginfo-2.90-1.1
- dnsmasq-2.90-1.1
References:
- https://www.suse.com/security/cve/CVE-2023-28450.html
- https://www.suse.com/security/cve/CVE-2023-50387.html
- https://www.suse.com/security/cve/CVE-2023-50868.html
- https://bugzilla.suse.com/show_bug.cgi?id=1214884
- https://bugzilla.suse.com/show_bug.cgi?id=1219823
- https://bugzilla.suse.com/show_bug.cgi?id=1219826