Subject: [ASA-201801-32] dnsmasq: insufficient validation

Arch Linux Security Advisory ASA-201801-32
==========================================

Severity: Medium
Date    : 2018-01-30
CVE-ID  : CVE-2017-15107
Package : dnsmasq
Type    : insufficient validation
Remote  : Yes
Link    : https://security.archlinux.org/AVG-592

Summary
=======

The package dnsmasq before version 2.78-2 is vulnerable to insufficient
validation.

Resolution
==========

Upgrade to 2.78-2.

# pacman -Syu "dnsmasq>=2.78-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A vulnerability was found in Dnsmasq's implementation of DNSSEC before
2.79. Wildcard synthesized NSEC records could be improperly interpreted
to prove the non-existence of hostnames that actually exist.

Impact
======

A remote attacker may be able to prove the non-existence of hostnames
that actually exist by using wildcard synthesized NSEC records that
could be improperly interpreted.

References
==========

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
https://security.archlinux.org/CVE-2017-15107
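
Added example, not part of the advisory: a shell triage check that combines the fixed version given under Resolution with whether DNSSEC validation is switched on in the dnsmasq configuration. The function names, the /etc/dnsmasq.conf path and the premise that only DNSSEC-validating setups are exposed are assumptions.

```shell
#!/bin/sh
# Added triage example; not part of the Arch advisory.
FIXED="2.78-2"   # first fixed package version, taken from the advisory

# Succeeds if package version $1 is older than $FIXED.
# Approximation with GNU `sort -V` (no epoch handling); on Arch itself,
# `vercmp "$1" "$FIXED"` is the authoritative comparison.
is_vulnerable_version() {
    [ "$1" = "$FIXED" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$oldest" = "$1" ]
}

# Succeeds if config file $1 has an active `dnssec` line. Assumption: the
# flaw is only reachable when DNSSEC validation is on. Not checked here:
# files pulled in via conf-file/conf-dir and a --dnssec command-line flag.
dnssec_enabled() {
    grep -Eq '^[[:space:]]*dnssec[[:space:]]*(#.*)?$' "$1"
}

# Prints a verdict for installed version $1 and config file $2.
triage() {
    if ! is_vulnerable_version "$1"; then
        echo "not-affected"
    elif dnssec_enabled "$2"; then
        echo "affected"
    else
        echo "outdated-dnssec-off"
    fi
}

# Dry run on a constructed config (not from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'server=192.0.2.53' 'dnssec  # validate' > "$sample"
triage "2.78-1" "$sample"    # prints: affected
rm -f "$sample"

# On an Arch host:
#   triage "$(pacman -Q dnsmasq | awk '{print $2}')" /etc/dnsmasq.conf
```

A result of outdated-dnssec-off still calls for the upgrade; it only lowers the urgency under the stated assumption.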