Bugzilla – Bug 1076958
VUL-0: CVE-2017-15107: dnsmasq: dnsmasq: Improper validation of wildcard synthesized NSEC records
Last modified: 2021-10-20 12:35:08 UTC
rh#1510570 A vulnerability in DNSSEC implementation of Dnsmasq was found. Processing of wildcard synthesized NSEC records may result in improper validation for non-existance in some implementations of DNSSEC. While synthesis of NSEC records is allowed by RFC4592, the synthesized owner names should not be used in the NSEC processing. References: https://bugzilla.redhat.com/show_bug.cgi?id=1510570 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15107
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
SUSE-SU-2019:1721-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1054429,1076958 CVE References: CVE-2017-15107 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): dnsmasq-2.78-18.6.1 SUSE OpenStack Cloud 8 (src): dnsmasq-2.78-18.6.1 SUSE OpenStack Cloud 7 (src): dnsmasq-2.78-18.6.1 SUSE Linux Enterprise Server 12-SP4 (src): dnsmasq-2.78-18.6.1 SUSE Linux Enterprise Server 12-SP3 (src): dnsmasq-2.78-18.6.1 SUSE Linux Enterprise Desktop 12-SP4 (src): dnsmasq-2.78-18.6.1 SUSE Linux Enterprise Desktop 12-SP3 (src): dnsmasq-2.78-18.6.1 HPE Helion Openstack 8 (src): dnsmasq-2.78-18.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:14190-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1076958,1138743 CVE References: CVE-2017-15107 Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): dnsmasq-2.78-0.17.10.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): dnsmasq-2.78-0.17.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:3189-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1076958,1138743,1152539,1154849,1156543 CVE References: CVE-2017-15107,CVE-2019-14834 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): dnsmasq-2.78-7.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): dnsmasq-2.78-7.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:3188-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1076958,1138743,1152539,1154849,1156543 CVE References: CVE-2017-15107,CVE-2019-14834 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): dnsmasq-2.78-3.8.1 SUSE Linux Enterprise Module for Basesystem 15 (src): dnsmasq-2.78-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2669-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1076958,1138743,1152539,1154849,1156543 CVE References: CVE-2017-15107,CVE-2019-14834 Sources used: openSUSE Leap 15.1 (src): dnsmasq-2.78-lp151.5.3.1
Done
This is an autogenerated message for OBS integration: This bug (1076958) was mentioned in https://build.opensuse.org/request/show/921125 Factory / dnsmasq
This is an autogenerated message for OBS integration: This bug (1076958) was mentioned in https://build.opensuse.org/request/show/921143 Factory / dnsmasq