vulnerability in dnsmasq

Bug #1721063 reported by Reedip on 2017-10-03
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Security Advisory
Undecided
Unassigned
OpenStack Security Notes
Undecided
Luke Hinds
neutron
Undecided
Unassigned

Bug Description

As per [1],[2] , there have been some vulnerability issue in dnsmasq.
The same have been fixed in dnsmasq version 2.78
In order to avoid the vulnerabilities, it would be advisable to update dnsmasq to version 2.78
[1]: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
[2]: https://thehackernews.com/2017/10/dnsmasq-network-services.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1592.dj0ao06ba4.yhy

Reedip (reedip-banerjee) on 2017-10-03
description: updated
information type: Public → Public Security
Jeremy Stanley (fungi) wrote :

Triaged as vulnerability report class C2 "A vulnerability, but not in OpenStack supported code, e.g., in a dependency" https://security.openstack.org/vmt-process.html#incident-report-taxonomy . As such there will be no advisory, but work is underway already for a security note about this: https://review.openstack.org/509160

Changed in ossa:
status: New → Won't Fix
information type: Public Security → Public
tags: added: security
Changed in ossn:
status: New → In Progress
assignee: nobody → Luke Hinds (lhinds)
Reedip (reedip-banerjee) on 2017-10-03
Changed in neutron:
status: New → Won't Fix
Luke Hinds (lhinds) on 2017-10-12
Changed in ossn:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers