Your message dated Mon, 07 Oct 2024 18:58:33 +0200
with message-id <[email protected]>
and subject line Re: Critical unfixed security bugs in dnsmasq below 2.78
has caused the Debian Bug report #877685,
regarding Critical unfixed security bugs in dnsmasq below 2.78
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
877685: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877685
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dnsmasq
Version: 2.76-5+deb9u1
Severity: important
Hello,
today i have to read that dnsmasq has 3 important security bugs that have been
fixed in version 2.78.
Code can be executed with the user rights!
Because dnsmasq is running as root this is an important security issue.
An update in the stable distribution has to be done as soon as possible.
Here an german article for this issue:
https://www.heise.de/security/meldung/Sicherheitsluecken-im-freien-DNS-Server-Dnsmasq-gefaehrden-IoT-Geraete-Linux-Smartphones-Co-3849403.html
http://www.thekelleys.org.uk/dnsmasq/
https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/sandbox/dnsmasq-sandbox.patch
-- System Information:
Debian Release: 9.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dnsmasq depends on:
ii dnsmasq-base 2.76-5+deb9u1
ii init-system-helpers 1.48
ii netbase 5.4
dnsmasq recommends no packages.
--- End Message ---
--- Begin Message ---
Hi Karsten,
On Wed, 4 Oct 2017 12:34:28 +0200 Karsten <[email protected]> wrote:
> Package: dnsmasq
> Version: 2.76-5+deb9u1
> Severity: important
>
> Hello,
>
> today i have to read that dnsmasq has 3 important security bugs that have
> been fixed in version 2.78.
> Code can be executed with the user rights!
> Because dnsmasq is running as root this is an important security issue.
>
> An update in the stable distribution has to be done as soon as possible.
>
> Here an german article for this issue:
> https://www.heise.de/security/meldung/Sicherheitsluecken-im-freien-DNS-Server-Dnsmasq-gefaehrden-IoT-Geraete-Linux-Smartphones-Co-3849403.html
> http://www.thekelleys.org.uk/dnsmasq/
> https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/sandbox/dnsmasq-sandbox.patch
>
This bug refers specifically to a Debian version not maintained any
more. Closing it therefore.
Cheers,
Sven
--
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
signature.asc
Description: This is a digitally signed message part
--- End Message ---