{"id":"USN-4698-2","summary":"dnsmasq regression","details":"USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced\nregressions in certain environments related to issues with multiple\nqueries, and issues with retries. This update fixes the problem.\n\nOriginal advisory details:\n\n Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\n memory when sorting RRsets. A remote attacker could use this issue to cause\n Dnsmasq to hang, resulting in a denial of service, or possibly execute\n arbitrary code. (CVE-2020-25681, CVE-2020-25687)\n \n Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\n extracting certain names. A remote attacker could use this issue to cause\n Dnsmasq to hang, resulting in a denial of service, or possibly execute\n arbitrary code. (CVE-2020-25682, CVE-2020-25683)\n \n Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly\n implemented address/port checks. A remote attacker could use this issue to\n perform a cache poisoning attack. (CVE-2020-25684)\n \n Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly\n implemented query resource name checks. A remote attacker could use this\n issue to perform a cache poisoning attack. (CVE-2020-25685)\n \n Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\n multiple query requests for the same resource name. A remote attacker could\n use this issue to perform a cache poisoning attack. (CVE-2020-25686)\n \n It was discovered that Dnsmasq incorrectly handled memory during DHCP\n response creation. A remote attacker could possibly use this issue to\n cause Dnsmasq to consume resources, leading to a denial of service. This\n issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04\n LTS. (CVE-2019-14834)\n","modified":"2026-02-10T04:42:02Z","published":"2021-02-24T13:43:44Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4698-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1916462"}],"affected":[{"package":{"name":"dnsmasq","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/dnsmasq@2.75-1ubuntu0.16.04.8?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.75-1ubuntu0.16.04.8"}]}],"versions":["2.75-1","2.75-1ubuntu0.16.04.1","2.75-1ubuntu0.16.04.2","2.75-1ubuntu0.16.04.3","2.75-1ubuntu0.16.04.4","2.75-1ubuntu0.16.04.5","2.75-1ubuntu0.16.04.7"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"dnsmasq","binary_version":"2.75-1ubuntu0.16.04.8"},{"binary_name":"dnsmasq-base","binary_version":"2.75-1ubuntu0.16.04.8"},{"binary_name":"dnsmasq-utils","binary_version":"2.75-1ubuntu0.16.04.8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4698-2.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]}}},{"package":{"name":"dnsmasq","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/dnsmasq@2.79-1ubuntu0.3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.79-1ubuntu0.3"}]}],"versions":["2.78-1","2.78-3","2.79-1","2.79-1ubuntu0.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"dnsmasq","binary_version":"2.79-1ubuntu0.3"},{"binary_name":"dnsmasq-base","binary_version":"2.79-1ubuntu0.3"},{"binary_name":"dnsmasq-base-lua","binary_version":"2.79-1ubuntu0.3"},{"binary_name":"dnsmasq-utils","binary_version":"2.79-1ubuntu0.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4698-2.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[]}}},{"package":{"name":"dnsmasq","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/dnsmasq@2.80-1.1ubuntu1.3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.80-1.1ubuntu1.3"}]}],"versions":["2.80-1ubuntu2","2.80-1ubuntu4","2.80-1.1ubuntu1","2.80-1.1ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"dnsmasq","binary_version":"2.80-1.1ubuntu1.3"},{"binary_name":"dnsmasq-base","binary_version":"2.80-1.1ubuntu1.3"},{"binary_name":"dnsmasq-base-lua","binary_version":"2.80-1.1ubuntu1.3"},{"binary_name":"dnsmasq-utils","binary_version":"2.80-1.1ubuntu1.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4698-2.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[]}}}],"schema_version":"1.7.3"}