ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-05 05:24:20 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
8055e38794
openwrt/package/network/services
History
Hauke Mehrtens 8055e38794 dnsmasq: Backport some security updates 
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 14:10:02 +01:00
..
dnsmasq dnsmasq: Backport some security updates 2021-01-19 14:10:02 +01:00
dropbear dropbear: allow build without dbclient 2019-04-18 22:34:19 +02:00
ead ead: use new protocol setting API since libpcap 1.9.0 2018-07-27 11:17:20 +02:00
hostapd hostapd: Fix compile errors after wolfssl update 2020-09-04 00:41:56 +02:00
igmpproxy igmpproxy: drop SSDP packets 2018-07-30 10:43:36 +02:00
ipset-dns ipset-dns: bump to git HEAD 2017-10-08 20:51:03 +03:00
lldpd lldpd: add option to edit hostname 2019-05-11 16:37:11 +02:00
odhcpd opkg: Fix PKG_MIRROR_HASH 2020-05-08 20:35:50 +02:00
omcproxy omcproxy: define configuration file 2019-02-27 10:26:14 +01:00
openvpn build: include BUILD_VARIANT in PKG_BUILD_DIR 2019-09-04 13:35:17 +02:00
openvpn-easy-rsa openvpn-easy-rsa: update to 3.0.4 2018-07-30 10:43:38 +02:00
ppp ppp: backport security fixes 2020-02-26 16:40:43 +01:00
relayd relayd: bump to version 2020-04-25 2020-04-27 10:58:16 +01:00
samba36 samba36: allow build with no ipv6 support 2019-02-17 19:22:39 +01:00
uhttpd uhttpd: update to 19.07 Git HEAD 2020-11-20 22:53:04 +01:00
umdns umdns: update to version 2020-04-25 2020-04-27 10:58:15 +01:00
wireguard wireguard: bump to 1.0.20200611 2020-07-04 19:22:36 +02:00