CVE-2013-0198 | Ubuntu

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dnsmasq	16.04 LTS xenial	Fixed 2.65-1ubuntu1
	15.10 wily	Fixed 2.65-1ubuntu1
	15.04 vivid	Fixed 2.65-1ubuntu1
	14.10 utopic	Fixed 2.65-1ubuntu1
	14.04 LTS trusty	Fixed 2.65-1ubuntu1
	13.10 saucy	Fixed 2.65-1ubuntu1
	13.04 raring	Fixed 2.65-1ubuntu1
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Ignored
	11.10 oneiric	Ignored end of life
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Ignored end of life

Notes

mdeslaur

may introduce changes in behaviour, see https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1126488 we will not be fixing this in Ubuntu 12.04 LTS, users in environments where this issue is problematic are recommended to upgrade to a more recent LTS release.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
dnsmasq	Upstream: http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=22ce550e5346947a12a781ed0959a7b1165d0dc6 Upstream: http://www.thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=e25db1f273920d58c5d2e7569cd087e5bd73dd73

References

Other references

https://www.cve.org/CVERecord?id=CVE-2013-0198