ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-19 03:06:35 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
e87c0d934c
openwrt/package
History
Hauke Mehrtens e87c0d934c dnsmasq: Update to version 2.83 
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 13:01:03 +01:00
..
base-files base-files: read all 3 bytes in get_magic_vfat() at once 2021-01-07 19:51:50 +01:00
boot uboot-at91: Add PKG_MIRROR_HASH to fix download 2021-01-18 22:10:14 +01:00
devel trace-cmd: update to 2.9.1 2021-01-01 19:55:59 +01:00
firmware linux-firmware: Add wil6210 firmware 2021-01-05 02:16:24 +00:00
kernel bcm63xx-cfe: enable package for bcm4908 2021-01-18 07:39:09 +01:00
libs mbedtls: update to 2.16.9 2021-01-18 00:49:14 +01:00
network dnsmasq: Update to version 2.83 2021-01-19 13:01:03 +01:00
system rpcd: update to git HEAD 2021-01-07 00:21:23 +00:00
utils lua: add -ldl for glibc builds 2021-01-06 15:38:57 -10:00
Makefile build: always build package/kernel/linux 2020-10-15 13:25:58 +02:00