Heap and Stack based buffer overflows in dnsmasq prior to version 2.78
----------------------------------------------------------------------

### Summary ###
A series of heap and stack based buffer overflows has been discovered in versions of dnsmasq prior to release 2.78.

### Affected Services / Software ###
Any neutron based OpenStack deployment on a version of dnsmasq prior to 2.78.

### Discussion ###
The following attack vectors have been assigned the following CVE numbers.

* CVE-2017-14491
* CVE-2017-14492
* CVE-2017-14493
* CVE-2017-14494
* CVE-2017-14495
* CVE-2017-14496
* CVE-2017-13704

Each of these CVEs exposes a neutron based OpenStack deployment to various attacks such as leakage of sensitive memory information or causing a denial of service. Nodes are exposed to this risk by the crafting of various nefarious DNS or DHCP requests.

### Recommended Actions ###
Operators should update the dnsmasq service to version 2.78 or later using the affected nodes' operating system packaging tools, or to a distribution packaged version that contains relevant backports for these vulnerabilities.

### Contacts / References ###
Author: Luke Hinds <lhi...@redhat.com>
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0082
Mailing List : [Security] tag on openstack-dev@lists.openstack.org
Launchpad Bug: https://bugs.launchpad.net/neutron/+bug/1721063
CVE: CVE-2017-14491
OpenStack Security Project : https://launchpad.net/~openstack-ossg
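
One way to triage nodes against the recommended action above, as an added example that is not part of the original OSSN. It assumes the first line of `dnsmasq --version` has the form "Dnsmasq version X.YY ..."; the function names are hypothetical, and the changelog source (for example `rpm -q --changelog dnsmasq`) depends on the distribution. A version below 2.78 is reported as "review" rather than vulnerable, because a distribution package can carry backported fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example: classify a dnsmasq version banner against the 2.78 fix release.
FIXED_MAJOR=2
FIXED_MINOR=78

# Print the upstream version (e.g. "2.76") found in a banner line, or nothing.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[Dd]nsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print one of:
#   fixed   - upstream version is 2.78 or later
#   review  - older upstream version; check the package for backports
#   unknown - banner could not be parsed
classify_banner() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo fixed
    else
        echo review
    fi
}

# Return 0 only if the changelog text on stdin mentions every CVE listed in
# the advisory. A mention indicates a backport, it does not prove one.
changelog_covers_all_cves() {
    text=$(cat)
    for cve in CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 \
               CVE-2017-14495 CVE-2017-14496 CVE-2017-13704; do
        printf '%s\n' "$text" | grep -q "$cve" || return 1
    done
    return 0
}

# Report on the local node when dnsmasq is installed.
if command -v dnsmasq >/dev/null 2>&1; then
    banner=$(dnsmasq --version | head -n 1)
    echo "dnsmasq: $(classify_banner "$banner")"
fi
```

For a node reported as "review", pipe the package changelog into `changelog_covers_all_cves` and treat a non-zero exit status as a node that still needs the update.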