neutron

vulnerability in dnsmasq

Bug #1721063 reported by Reedip
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Security Advisory
Won't Fix
Undecided
Unassigned
OpenStack Security Notes
Fix Released
Undecided
Luke Hinds
neutron
Won't Fix
Undecided
Unassigned

Bug Description

As per [1],[2] , there have been some vulnerability issue in dnsmasq.
The same have been fixed in dnsmasq version 2.78
In order to avoid the vulnerabilities, it would be advisable to update dnsmasq to version 2.78
[1]: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
[2]: https://thehackernews.com/2017/10/dnsmasq-network-services.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1592.dj0ao06ba4.yhy

See original description
Tags: security
Reedip (reedip-banerjee-deactivatedaccount)
description: updated
Brian Haley (brian-haley)
information type: Public → Public Security
Revision history for this message
Jeremy Stanley (fungi) wrote :

Triaged as vulnerability report class C2 "A vulnerability, but not in OpenStack supported code, e.g., in a dependency" https://security.openstack.org/vmt-process.html#incident-report-taxonomy . As such there will be no advisory, but work is underway already for a security note about this: https://review.openstack.org/509160

Changed in ossa:
status: New → Won't Fix
information type: Public Security → Public
tags: added: security
Changed in ossn:
status: New → In Progress
assignee: nobody → Luke Hinds (lhinds)
Reedip (reedip-banerjee-deactivatedaccount)
Changed in neutron:
status: New → Won't Fix
Luke Hinds (lhinds)
Changed in ossn:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.