(RHSA-2024:3877) Important: dnsmasq security update

2024-06-1302:17:25

access.redhat.com

rhsa-2024-3877

dnsmasq

security update

cpu consumption

dns

dhcp

bind9

cve-2023-50387

cve-2023-50868

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

Low

JSON

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lednsmasq-debugsource< 2.79-15.el8_4.2dnsmasq-debugsource-2.79-15.el8_4.2.ppc64le.rpm
RedHat8x86_64dnsmasq-debuginfo< 2.79-15.el8_4.2dnsmasq-debuginfo-2.79-15.el8_4.2.x86_64.rpm
RedHat8x86_64dnsmasq-utils< 2.79-15.el8_4.2dnsmasq-utils-2.79-15.el8_4.2.x86_64.rpm
RedHat8x86_64dnsmasq-utils-debuginfo< 2.79-15.el8_4.2dnsmasq-utils-debuginfo-2.79-15.el8_4.2.x86_64.rpm
RedHat8ppc64lednsmasq< 2.79-15.el8_4.2dnsmasq-2.79-15.el8_4.2.ppc64le.rpm
RedHat8ppc64lednsmasq-utils< 2.79-15.el8_4.2dnsmasq-utils-2.79-15.el8_4.2.ppc64le.rpm
RedHat8x86_64dnsmasq< 2.79-15.el8_4.2dnsmasq-2.79-15.el8_4.2.x86_64.rpm
RedHat8x86_64dnsmasq-debugsource< 2.79-15.el8_4.2dnsmasq-debugsource-2.79-15.el8_4.2.x86_64.rpm
RedHat8ppc64lednsmasq-utils-debuginfo< 2.79-15.el8_4.2dnsmasq-utils-debuginfo-2.79-15.el8_4.2.ppc64le.rpm
RedHat8ppc64lednsmasq-debuginfo< 2.79-15.el8_4.2dnsmasq-debuginfo-2.79-15.el8_4.2.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	dnsmasq-debugsource	< 2.79-15.el8_4.2	dnsmasq-debugsource-2.79-15.el8_4.2.ppc64le.rpm
RedHat	8	x86_64	dnsmasq-debuginfo	< 2.79-15.el8_4.2	dnsmasq-debuginfo-2.79-15.el8_4.2.x86_64.rpm
RedHat	8	x86_64	dnsmasq-utils	< 2.79-15.el8_4.2	dnsmasq-utils-2.79-15.el8_4.2.x86_64.rpm
RedHat	8	x86_64	dnsmasq-utils-debuginfo	< 2.79-15.el8_4.2	dnsmasq-utils-debuginfo-2.79-15.el8_4.2.x86_64.rpm
RedHat	8	ppc64le	dnsmasq	< 2.79-15.el8_4.2	dnsmasq-2.79-15.el8_4.2.ppc64le.rpm
RedHat	8	ppc64le	dnsmasq-utils	< 2.79-15.el8_4.2	dnsmasq-utils-2.79-15.el8_4.2.ppc64le.rpm
RedHat	8	x86_64	dnsmasq	< 2.79-15.el8_4.2	dnsmasq-2.79-15.el8_4.2.x86_64.rpm
RedHat	8	x86_64	dnsmasq-debugsource	< 2.79-15.el8_4.2	dnsmasq-debugsource-2.79-15.el8_4.2.x86_64.rpm
RedHat	8	ppc64le	dnsmasq-utils-debuginfo	< 2.79-15.el8_4.2	dnsmasq-utils-debuginfo-2.79-15.el8_4.2.ppc64le.rpm
RedHat	8	ppc64le	dnsmasq-debuginfo	< 2.79-15.el8_4.2	dnsmasq-debuginfo-2.79-15.el8_4.2.ppc64le.rpm