Red Hat has issued an advisory today (January 19):
The issues are fixed upstream in 2.83.
Mageia 7 is also affected.
Fixed upstream in 2.83
New version 2.83 - Fixes CVE-2020-2568[1-7] (mga#28169)
Just committed in Cauldron by neoclust, which I imagine fixes M8.
Assigning to pkg maintainer Julien for Mageia 7.
Fixed in Cauldron in dnsmasq-2.83-1.mga8.
Ubuntu has issued an advisory for this on January 19:
openSUSE has issued an advisory for this today (January 20):
I just uploaded dnsmasq 2.83-1.mga7 to updates_testing to fix this issue.
Here is a tentative advisory:
Updated dnsmasq packages fix security vulnerability:
Multiple vulnerabilities have been discovered in dnsmasq up to version 2.82:
- subtle errors in dnsmasq's protections against cache-poisoning attacks
(CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686)
- buffer overflow in dnsmasq's DNSSEC code (CVE-2020-25681,
CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687)
Updated packages in core/updates_testing:
Can you please test this update of dnsmasq?
You can find a procedure to test the update here (disregard the dnsmasq-base package which doesn't exist anymore):
Installed and tested without issues.
I use dnsmasq to provide DNS for a LAN and VPN. Lots of stuff is blocked at the DNS level.
I don't use dnsmasq's DHCP so only the DNS part was tested.
System: Mageia 7, x86_64, Intel CPU.
$ uname -a
Linux marte 5.10.8-desktop-2.mga7 #1 SMP Mon Jan 18 01:49:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q dnsmasq
$ lsof -n | grep IPv.*:domain
dnsmasq 2813 dnsmasq 4u IPv4 352310 0t0 UDP *:domain
dnsmasq 2813 dnsmasq 5u IPv4 352311 0t0 TCP *:domain (LISTEN)
dnsmasq 2813 dnsmasq 6u IPv6 352312 0t0 UDP *:domain
dnsmasq 2813 dnsmasq 7u IPv6 352313 0t0 TCP *:domain (LISTEN)
$ systemctl status dnsmasq.service
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-01-20 22:18:08 WET; 8min ago
Main PID: 2813 (dnsmasq)
Tasks: 1 (limit: 4668)
└─2813 /usr/sbin/dnsmasq -k --local-service
jan 20 22:18:08 marte systemd: Started DNS caching server..
jan 20 22:18:08 marte dnsmasq: started, version 2.83 cachesize 150
jan 20 22:18:08 marte dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC loop-detect inotify dumpfile
jan 20 22:18:08 marte dnsmasq: using nameserver 192.168.1.1#53
jan 20 22:18:08 marte dnsmasq: read /etc/hosts - 12 addresses
Fedora has issued an advisory for this today (January 21):
This update has been working for over a week without issues (see comment 8). The DNS part is working without issues. I've not used the DHCP features. Will OK this for x86_64 to push this forward since it is a security update. Please undo as needed.
Advisory committed to svn. Validating based on comment 10.
An update for this issue has been pushed to the Mageia Updates repository.