USN-4976-2: Dnsmasq vulnerability
7 September 2022
Dnsmasq could be exposed to cache poisoning.
Releases
Packages
- dnsmasq - Small caching DNS proxy and DHCP/TFTP server
Details
USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix
some security issues.
Original advisory details:
Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in
certain configurations. A remote attacker could possibly use this issue to
facilitate DNS cache poisoning attacks.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
dnsmasq
-
2.79-1ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
-
dnsmasq-utils
-
2.79-1ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
-
dnsmasq-base
-
2.79-1ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
Related notices
- USN-4976-1: dnsmasq-base-lua, dnsmasq-base, dnsmasq, dnsmasq-utils