This bug was fixed in the package dnsmasq - 2.75-1ubuntu0.15.10.1
---------------
dnsmasq (2.75-1ubuntu0.15.10.1) wily-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted CNAME (LP: #1581181)
- src/cache.c: fix crash when empty address from DNS overlays A record
from hosts.
- 41a8d9e99be9f2cc8b02051dd322cb45e0faac87
- CVE-2015-8899
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 14 Jun 2016
15:05:23 +0300
** Changed in: dnsmasq (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8899
** Changed in: dnsmasq (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1581181
Title:
dnsmasq crashes querying any CNAME that points to
localhost.localdomain
Status in dnsmasq package in Ubuntu:
Fix Released
Bug description:
Further info can be found on the mailing list of dnsmasq:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-
discuss/2016q2/010479.html
The bug is fixed upstream in git, according to the dnsmasq author
Simon Kelley.
In a real-world scenario, a pi hole system https://pi-hole.net with
Ubuntu 16.04 (ARM SBC acting as ad filter for a network) crashes after
5 - 10 minutes of usage because of this bug. This makes a setup with
this dnsmasq version 2.75 unusable.
According to the bug report on the mailing list
http://lists.thekelleys.org.uk/pipermail/dnsmasq-
discuss/2016q2/010505.html, it is also a security violation and
therefore tagged as such.
Noticed by me in Ubuntu 16.04 LTS on ARM system, but applies to all
dnsmasq 2.75 versions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1581181/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
