MGASA-2020-0310

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0310.html

Import Source

https://advisories.mageia.org/MGASA-2020-0310.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0310

Related

CVE-2020-14312

Published

2020-07-31T23:25:42Z

Modified

2020-07-31T22:44:01Z

Summary

Updated dnsmasq packages fix security vulnerability

Details

Updated dnsmasq package fix insecure default configuration potentially making it an open resolver (CVE-2020-14312).

In its default configuration, dnsmasq listen and answer query from any address even outside of the local subnet. Thus, it may inadvertently become an open resolver which might be used in Distributed Denial of Service attacks.

This update add the option --local-service at startup which limits dnsmasq to listen only to machines on the same local network.

This option only works if there aren't any of the following options on cmdline or in dnsmasq.conf (without the double dash): --interface --except-interface --listen-address --auth-server

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / dnsmasq

Package

Name: dnsmasq
Purl: pkg:rpm/mageia/dnsmasq?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.80-5.3.mga7

Ecosystem specific

{
    "section": "core"
}