Security fix, CVE-2017-14491 DNS heap buffer overflow. Fix heap overflow in DNS code. This is a potentially serious security hole. It allows an attacker who can make DNS requests to dnsmasq, and who controls the contents of a domain, which is thereby queried, to overflow (by 2 bytes) a heap buffer and either crash, or even take control of, dnsmasq.

commit: 0549c73b7ea6b22a3c49beb4d432f185a81efcbc [log] [tgz]
author: Simon Kelley <simon@thekelleys.org.uk> Mon Sep 25 18:17:11 2017 +0100
committer: Simon Kelley <simon@thekelleys.org.uk> Mon Sep 25 18:17:11 2017 +0100
tree: 358881f981cb34b7d88fdc54260cf4245d61cac4
parent: b697fbb7f17ee80ce579361920cb6a879fb868e8 [diff] [blame]
diff --git a/CHANGELOG b/CHANGELOG
index 7e65912..a7c2f35 100644
--- a/CHANGELOG
+++ b/CHANGELOG

@@ -24,6 +24,18 @@
 	Juan Manuel Fernandez and Kevin Darbyshire-Bryant for
 	chasing this one down.  CVE-2017-13704 applies.
 
+	Fix heap overflow in DNS code. This is a potentially serious
+	security hole. It allows an attacker who can make DNS
+	requests to dnsmasq, and who controls the contents of
+	a domain, which is thereby queried, to overflow
+	(by 2 bytes) a heap buffer and either crash, or
+	even take control of, dnsmasq.
+	CVE-2017-14491 applies.
+	Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
+	and Kevin Hamacher of the Google Security Team for
+	finding this.
+
+
 	
 version 2.77
 	Generate an error when configured with a CNAME loop,
commit	0549c73b7ea6b22a3c49beb4d432f185a81efcbc	[log] [tgz]
author	Simon Kelley <simon@thekelleys.org.uk>	Mon Sep 25 18:17:11 2017 +0100
committer	Simon Kelley <simon@thekelleys.org.uk>	Mon Sep 25 18:17:11 2017 +0100
tree	358881f981cb34b7d88fdc54260cf4245d61cac4
parent	b697fbb7f17ee80ce579361920cb6a879fb868e8 [diff] [blame]