openwrt/package/network/services
Hauke Mehrtens e87c0d934c dnsmasq: Update to version 2.83
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 are susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into the target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 are susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rfc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allow for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 are vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rfc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 13:01:03 +01:00
| Name | Last commit | Date |
| --- | --- | --- |
| dnsmasq | dnsmasq: Update to version 2.83 | 2021-01-19 13:01:03 +01:00 |
| dropbear | dropbear: bump package version | 2020-12-11 13:48:24 +01:00 |
| ead | ead: fix resource leak in tinysrp | 2020-01-05 19:36:46 +01:00 |
| hostapd | hostapd: fix setting wps_state to "not configured" | 2021-01-15 18:17:45 +01:00 |
| igmpproxy | igmpproxy: remove some bashism | 2020-06-23 20:00:16 +02:00 |
| ipset-dns | base-files: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/ | 2020-01-07 15:36:03 +02:00 |
| lldpd | lldpd: fix autoreconf failure | 2020-12-09 12:36:40 +01:00 |
| odhcpd | odhcpd: bump to latest version | 2021-01-04 08:01:16 +01:00 |
| omcproxy | omcproxy: define configuration file | 2019-02-27 10:26:14 +01:00 |
| ppp | ppp: Remove already applied patch | 2021-01-01 19:55:59 +01:00 |
| relayd | relayd: bump to version 2020-04-25 | 2020-04-26 13:00:36 +01:00 |
| uhttpd | uhttpd: don't redirect to HTTPS by default | 2020-12-20 10:36:51 +01:00 |
| umdns | umdns: add check for seccomp list | 2020-11-30 10:38:13 +00:00 |
| wireguard | wireguard: bump to 1.0.20201112 | 2020-11-12 13:28:38 +01:00 |