Security fix, CVE-2017-14496, Integer underflow in DNS response creation. Fix DoS in DNS. Invalid boundary checks in the add_pseudoheader function allows a memcpy call with negative size An attacker which can send malicious DNS queries to dnsmasq can trigger a DoS remotely. dnsmasq is vulnerable only if one of the following option is specified: --add-mac, --add-cpe-id or --add-subnet.

commit: 897c113fda0886a28a986cc6ba17bb93bd6cb1c7 [log] [tgz]
author: Simon Kelley <simon@thekelleys.org.uk> Mon Sep 25 20:11:58 2017 +0100
committer: Simon Kelley <simon@thekelleys.org.uk> Mon Sep 25 20:11:58 2017 +0100
tree: 7770ca0af6bd6b0bc136fb554978da31c98559b9
parent: 33e3f1029c9ec6c63e430ff51063a6301d4b2262 [diff] [blame]
diff --git a/CHANGELOG b/CHANGELOG
index d1cc074..8fe00ed 100644
--- a/CHANGELOG
+++ b/CHANGELOG

@@ -60,6 +60,17 @@
 	and Kevin Hamacher of the Google Security Team for
 	finding this.
 	
+	Fix DoS in DNS. Invalid boundary checks in the
+	add_pseudoheader function allows a memcpy call with negative
+	size An attacker which can send malicious DNS queries
+	to dnsmasq can trigger a DoS remotely.
+	dnsmasq is vulnerable only if one of the following option is
+	specified: --add-mac, --add-cpe-id or --add-subnet.
+	CVE-2017-14496 applies.
+	Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
+	and Kevin Hamacher of the Google Security Team for
+	finding this.
+	
 	
 version 2.77
 	Generate an error when configured with a CNAME loop,
commit	897c113fda0886a28a986cc6ba17bb93bd6cb1c7	[log] [tgz]
author	Simon Kelley <simon@thekelleys.org.uk>	Mon Sep 25 20:11:58 2017 +0100
committer	Simon Kelley <simon@thekelleys.org.uk>	Mon Sep 25 20:11:58 2017 +0100
tree	7770ca0af6bd6b0bc136fb554978da31c98559b9
parent	33e3f1029c9ec6c63e430ff51063a6301d4b2262 [diff] [blame]