SUSE has issued an advisory on December 5: http://lists.suse.com/pipermail/sle-security-updates/2019-December/006208.html Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning to the registered maintainer; CC recent committers of the SRPM.
CC: (none) => geiger.david68210, tmbAssignee: bugsquad => julien.moragny
Taking the bug as I'm already working on it
Assignee: julien.moragny => tmb
openSUSE has issued an advisory for this on December 11: https://lists.opensuse.org/opensuse-updates/2019-12/msg00075.html
Fixed in Cauldron in dnsmasq-2.80-10.mga8 Package to test for Mga 7: dnsmasq-2.80-5.2.mga7
Assignee: tmb => qa-bugsWhiteboard: MGA7TOO => (none)Version: Cauldron => 7
Installed and tested without issues. Tested DNS capabilities. No issues noticed after several hours of usage on the network. Did NOT test DHCP capabilities. System: Mageia 7, x86_64, Intel CPU. $ uname -a Linux marte 5.4.2-desktop-1.mga7 #1 SMP Thu Dec 5 17:40:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q dnsmasq dnsmasq-2.80-5.2.mga7 $ systemctl status dnsmasq.service * dnsmasq.service - DNS caching server. Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2019-12-13 17:56:54 WET; 4h 23min ago Main PID: 13668 (dnsmasq) Memory: 1.3M CGroup: /system.slice/dnsmasq.service `-13668 /usr/sbin/dnsmasq -k Dec 13 17:56:54 marte systemd[1]: Started DNS caching server.. Dec 13 17:56:54 marte dnsmasq[13668]: started, version 2.80 cachesize 150 Dec 13 17:56:54 marte dnsmasq[13668]: compile time options: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile Dec 13 17:56:54 marte dnsmasq[13668]: using nameserver 192.168.1.1#53 Dec 13 17:56:54 marte dnsmasq[13668]: read /etc/hosts - 9 addresses
CC: (none) => mageia
Advisory, added to svn: type: security subject: Updated dnsmasq packages fix security vulnerability CVE: - CVE-2019-14834 src: 7: core: - dnsmasq-2.80-5.2.mga7 description: | A vulnerability was found in dnsmsq through version 2.90, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. (CVE-2019-14834) references: - https://bugs.mageia.org/show_bug.cgi?id=25854 - http://lists.suse.com/pipermail/sle-security-updates/2019-December/006208.html
Keywords: (none) => advisory
Adding an OK and validating.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA7-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0392.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED