Advisories ยป MGASA-2020-0310

Updated dnsmasq packages fix security vulnerability

Publication date: 31 Jul 2020
Modification date: 31 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-14312

Description

Updated dnsmasq package fix insecure default configuration potentially
making it an open resolver (CVE-2020-14312).

In its default configuration, dnsmasq listen and answer query from any
address even outside of the local subnet. Thus, it may inadvertently
become an open resolver which might be used in Distributed Denial of
Service attacks.

This update add the option --local-service at startup which limits
dnsmasq to listen only to machines on the same local network.

This option only works if there aren't any of the following options
on cmdline or in dnsmasq.conf (without the double dash):
--interface
--except-interface
--listen-address
--auth-server
                

References

SRPMS

7/core