Updated dnsmasq packages fix security vulnerability
Publication date: 31 Jul 2020Modification date: 31 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-14312
Description
Updated dnsmasq package fix insecure default configuration potentially making it an open resolver (CVE-2020-14312). In its default configuration, dnsmasq listen and answer query from any address even outside of the local subnet. Thus, it may inadvertently become an open resolver which might be used in Distributed Denial of Service attacks. This update add the option --local-service at startup which limits dnsmasq to listen only to machines on the same local network. This option only works if there aren't any of the following options on cmdline or in dnsmasq.conf (without the double dash): --interface --except-interface --listen-address --auth-server
References
SRPMS
7/core
- dnsmasq-2.80-5.3.mga7