Red Hat Security Advisory 2021-0240-01

Red Hat Security Advisory 2021-0240-01: Posted Jan 25, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0240-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server.; tags | advisory; systems | linux, redhat; advisories | CVE-2020-25684, CVE-2020-25685, CVE-2020-25686; SHA-256 | c2e3eb73bcb1335246ba4b75aa396d2cda0e351c17f60e52b2aed87cda2e30f6; Download | Favorite | View

Red Hat Security Advisory 2021-0240-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: dnsmasq security update
Advisory ID:       RHSA-2021:0240-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0240
Issue date:        2021-01-25
CVE Names:         CVE-2020-25684 CVE-2020-25685 CVE-2020-25686
====================================================================
1. Summary:

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: loose address/port check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies
easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging
replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker
1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
dnsmasq-2.66-14.el7_2.3.src.rpm

x86_64:
dnsmasq-2.66-14.el7_2.3.x86_64.rpm
dnsmasq-debuginfo-2.66-14.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
dnsmasq-debuginfo-2.66-14.el7_2.3.x86_64.rpm
dnsmasq-utils-2.66-14.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-001

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYA7UVtzjgjWX9erEAQi76RAAgT6h7h34shWvBegp7irDxHHbsozWD3tl
D6+hJqD+/NWTgG3zmsJJrdauceSTcdfTlNKLTg4NaJlRu7nloIlTVN5bnZ2NGxIZ
t8wVjZrdGpp2IS5WqCkL7D4LWDcSC/CFRJvRcQBbQVWDq4p2vQcrRdfNBzSfjVj3
SRvXXfHKoZpR/Vc3FUfnn8zT0SUPGBYKX8fXuSIT6pQWtyB5kMdSx21Ehzw27eTr
lRq/cqPLGpATU+yOc6dP0F1v7dObmUPOFQn3gkAsjVxJ2GA6jnp0xpA/JpRRdGQI
pMfuAH6mLD2PUUDbjEY18B5oQ47VQI48hWhXBvXRXpphJArhiqzNRJlBdtnfdPJY
2n0MdfTbzFcARX/r/cdiKhSDrPVwzR+2JfCs2zcJjhsateQMb+xr6+bFOgkMaTGl
8+MQIG3Xrckw7dRIdK/InChD+c/6LzTccZoyRBwF6ym7M7wT95tkS7tlwR7hro24
DfXWdeQK9BS3+oSCW+HVLl8J6czfcr+DTbhJv3G5Ak/iKI6Eoz/qXSW8NqfJhMxJ
bmgg5qVqEaEDXmGcebfa5YGIERYIrCjooSPgzKe6u2utGpUHk/M4+tSTsg3qPclL
6eLbM1Y+XCZDPVnYbynYgaR25J9s1eeEPNQKb+dEZrI0fAoZ7sL8ewypIWNXzg1w
CER5JgCFfRsCv
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Red Hat Security Advisory 2021-0240-01

Red Hat Security Advisory 2021-0240-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-0240-01

Share This

Red Hat Security Advisory 2021-0240-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems