Package "dnsmasq-base-lua"
| Name: |
dnsmasq-base-lua
|
Description: |
Small caching DNS proxy and DHCP/TFTP server - executable, Lua-enabled
|
| Latest version: |
2.90-2ubuntu0.3 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
universe |
| Head package: |
dnsmasq |
| Homepage: |
https://www.thekelleys.org.uk/dnsmasq/doc.html |
Links
Download "dnsmasq-base-lua"
Other versions of "dnsmasq-base-lua" in Noble
Changelog
|
dnsmasq (2.90-2ubuntu0.3) noble-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow on malicious caches in DNS
forwarding.
- debian/patches/CVE-2026-2291.patch: Expand char name size in
src/dnsmasq.h.
- CVE-2026-2291
* SECURITY UPDATE: NSEC bitmap parsing infinite loop
- debian/patches/CVE-2026-4890.patch: Correct erroneous iteration index
in src/dnssec.c
- CVE-2026-4890
* SECURITY UPDATE: Unbounded length field in RRSIG packets.
- debian/patches/CVE-2026-4891.patch: Validate rdlen in src/dnssec.c
- CVE-2026-4891
* SECURITY UPDATE: Buffer overflow in create_helper
- debian/patches/CVE-2026-4892.patch: Add upper bound to for loop in
src/helper.c
- CVE-2026-4892
* SECURITY UPDATE: Erroneous client subnet validation
- debian/patches/CVE-2026-4893.patch: Fixed length passed to check_source
in src/forward.c
- CVE-2026-4893
* SECURITY UPDATE: Buffer overflow in extract_addresses.
- debian/patches/CVE-2026-5172.patch: Check index after extracting name
in src/rfc1035.c
- CVE-2026-5172
-- Kyle Kernick <email address hidden> Wed, 29 Apr 2026 12:39:03 -0600
|
| Source diff to previous version |
| CVE-2026-2291 |
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could r |
| CVE-2026-4890 |
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS pa |
| CVE-2026-4891 |
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted |
| CVE-2026-4892 |
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root pri |
| CVE-2026-4893 |
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subn |
| CVE-2026-5172 |
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malform |
|
|
dnsmasq (2.90-2ubuntu0.1) noble; urgency=medium
* d/p/fix-crash-when-reloading-DHCP-config-on-SIGHUP.patch:
Confusion in the code to free old DHCP configuration when
it's being reloaded causes invalid pointers to be followed
and a crash (LP: #2026757).
[ Lukas Märdian ]
* d/t/{control,functions}: Allow running on non-ifupdown systems and work
around systemd-resolved conflict
* d/t/{get-address+query-dns+lua+alt,ip-addr.patterns}: dhcpcd compat.
It does not send the hostname in its default configuration, provides
slightly different lease lifetimes and adds the 'noprefixroute' tag to
the test address from ip-addr.patterns (compared to ISC dhclient).
-- Miriam España Acebal <email address hidden> Tue, 14 Jan 2025 17:34:59 +0100
|
About
-
Send Feedback to @ubuntu_updates
