Ubuntu Security Notice USN-6034-1

Ubuntu Security Notice 6034-1 - It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-6034-1
April 20, 2023

dnsmasq vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Summary:

Dnsmasq could cause transmission reliability issues when
sending large DNS messages.

Software Description:

  • dnsmasq: Small caching DNS proxy and DHCP/TFTP server

Details:

It was discovered that Dnsmasq was sending large DNS messages
over UDP, possibly causing transmission failures due to IP
fragmentation. This update lowers the default maximum size of
DNS messages to improve transmission reliability over UDP.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
dnsmasq-base 2.86-1.1ubuntu2.1

Ubuntu 22.04 LTS:
dnsmasq-base 2.86-1.1ubuntu0.3

Ubuntu 20.04 LTS:
dnsmasq-base 2.80-1.1ubuntu1.7

Ubuntu 18.04 LTS:
dnsmasq-base 2.79-1ubuntu0.7

Ubuntu 16.04 ESM:
dnsmasq-base 2.79-1ubuntu0.16.04.1+esm2

Ubuntu 14.04 ESM:
dnsmasq-base 2.68-1ubuntu0.2+esm2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6034-1
CVE-2023-28450

Package Information:
https://launchpad.net/ubuntu/+source/dnsmasq/2.86-1.1ubuntu2.1
https://launchpad.net/ubuntu/+source/dnsmasq/2.86-1.1ubuntu0.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.7
https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.7

Related news

Red Hat Security Advisory 2024-4052-03

Red Hat Security Advisory 2024-4052-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Ubuntu Security Notice USN-6657-2

Ubuntu Security Notice 6657-2 - USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP packet size as required by DNS Flag Day 2020. This issue only affected Ubuntu 23.10.

Red Hat Security Advisory 2024-1545-03

Red Hat Security Advisory 2024-1545-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1544-03

Red Hat Security Advisory 2024-1544-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Ubuntu Security Notice USN-6657-1

Ubuntu Security Notice 6657-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service.

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
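
An added example, not part of the advisory or of dnsmasq itself: an explicit `edns-packet-max` setting overrides the built-in default, so a configuration that pins the old 4096 value keeps the large size even after the package update. The check below scans configuration text for that, assuming the patched default is the 1232 named in the CVE text and that the last occurrence of the option wins; the sample configuration is constructed.

```python
import re

SAFE_MAX = 1232      # size the CVE text says the default should be (DNS Flag Day 2020)
OLD_DEFAULT = 4096   # default before the fix, per the CVE text

# Matches "edns-packet-max=<n>" in a config file or "--edns-packet-max=<n>" on a command line.
_OPT = re.compile(r"^(?:--)?edns-packet-max\s*=\s*(\d+)\s*$")

def effective_edns_max(conf_text, patched):
    """Return (size, source) for the EDNS.0 UDP size this configuration yields.

    Assumption: when the option appears more than once, the last one wins.
    """
    size = SAFE_MAX if patched else OLD_DEFAULT
    source = "default"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing and full-line comments
        m = _OPT.match(line)
        if m:
            size, source = int(m.group(1)), f"line {lineno}"
    return size, source

def audit(conf_text, patched):
    """Report whether the effective size still exceeds the recommended maximum."""
    size, source = effective_edns_max(conf_text, patched)
    if size > SAFE_MAX:
        return (f"WARN: EDNS UDP size {size} ({source}) exceeds {SAFE_MAX}; "
                "large replies may be fragmented")
    return f"OK: EDNS UDP size {size} ({source})"

# Constructed sample: a config that pins the old value explicitly.
SAMPLE = """\
# constructed sample dnsmasq.conf
domain-needed
edns-packet-max=4096   # pinned years ago
"""

if __name__ == "__main__":
    print(audit(SAMPLE, patched=True))   # override survives the update
    print(audit("", patched=True))       # no override: patched default applies
    print(audit("", patched=False))      # unpatched package, no override
```
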
