diff options
| author |   Armin Kuster <akuster@mvista.com> | 2021-09-10 15:16:48 -0700 |
|---|---|---|
| committer | Armin Kuster <akuster@mvista.com> | 2021-09-10 15:16:48 -0700 |
| commit | 2e7e98cd0cb82db214b13224c71134b9335a719b (patch) | |
| tree | 758e6fa5bef92a11521ea0a07b06ea40ab01887d /meta-networking/recipes-support/dnsmasq/dnsmasq_2.81.bb | |
| parent | 06d80777f47891ec876b55212790deb5fef9116e (diff) | |
| download | meta-openembedded-2e7e98cd0cb82db214b13224c71134b9335a719b.tar.gz | |
dnsmasq: Security fix CVE-2021-3448
Source: https://thekelleys.org.uk/dnsmasq.git
MR: 110238
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
ChangeID: 3365bcc47b0467b487f14fc6bfad89bc560cd818
Description:
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta-networking/recipes-support/dnsmasq/dnsmasq_2.81.bb')
| -rw-r--r-- | meta-networking/recipes-support/dnsmasq/dnsmasq_2.81.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.81.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.81.bb index a1dc0f3a0a..2fb389915b 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.81.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.81.bb @@ -10,4 +10,5 @@ SRC_URI += "\ file://CVE-2020-25685-2.patch \ file://CVE-2020-25686-1.patch \ file://CVE-2020-25686-2.patch \ + file://CVE-2021-3448.patch \ " |