USN-4976-2: Dnsmasq vulnerability
7 September 2022
Dnsmasq could be exposed to cache poisoning.
- dnsmasq - Small caching DNS proxy and DHCP/TFTP server
USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix
some security issues.
Original advisory details:
Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in
certain configurations. A remote attacker could possibly use this issue to
facilitate DNS cache poisoning attacks.
The problem can be corrected by updating your system to the following package versions:
- dnsmasq - 2.79-1ubuntu0.16.04.1+esm1
- dnsmasq-utils - 2.79-1ubuntu0.16.04.1+esm1
- dnsmasq-base - 2.79-1ubuntu0.16.04.1+esm1
After a standard system update you need to reboot your computer to make
all the necessary changes.
- USN-4976-1: dnsmasq-utils, dnsmasq-base-lua, dnsmasq-base, dnsmasq