dnsmasq crashes querying any CNAME that points to localhost.localdomain

Bug #1581181 reported by emk2203 on 2016-05-12
This bug affects 2 people
Affects: dnsmasq (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Further info can be found on the mailing list of dnsmasq: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html

The bug is fixed upstream in git, according to the dnsmasq author Simon Kelley.

In a real-world scenario, a Pi-hole system (https://pi-hole.net) with Ubuntu 16.04 (ARM SBC acting as ad filter for a network) crashes after 5 - 10 minutes of usage because of this bug. This makes a setup with this dnsmasq version 2.75 unusable.

According to the bug report on the mailing list http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010505.html, it is also a security violation and therefore tagged as such.

Noticed by me in Ubuntu 16.04 LTS on an ARM system, but applies to all dnsmasq 2.75 versions.

Marc Deslauriers (mdeslaur) wrote :
information type: Private Security → Public Security

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dnsmasq (Ubuntu):
status: New → Confirmed

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dnsmasq - 2.75-1ubuntu0.15.10.1

---------------
dnsmasq (2.75-1ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted CNAME (LP: #1581181)
    - src/cache.c: fix crash when empty address from DNS overlays A record
      from hosts.
    - 41a8d9e99be9f2cc8b02051dd322cb45e0faac87
    - CVE-2015-8899

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 15:05:23 +0300

Changed in dnsmasq (Ubuntu):
status: Confirmed → Fix Released

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dnsmasq - 2.75-1ubuntu0.16.04.1

---------------
dnsmasq (2.75-1ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted CNAME (LP: #1581181)
    - src/cache.c: fix crash when empty address from DNS overlays A record
      from hosts.
    - 41a8d9e99be9f2cc8b02051dd322cb45e0faac87
    - CVE-2015-8899

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 15:05:23 +0300

Changed in dnsmasq (Ubuntu):
status: Confirmed → Fix Released