Package: dnsmasq Version: 2.76-5+deb9u1 Severity: important Hello,
today i have to read that dnsmasq has 3 important security bugs that have been fixed in version 2.78. Code can be executed with the user rights! Because dnsmasq is running as root this is an important security issue. An update in the stable distribution has to be done as soon as possible. Here an german article for this issue: https://www.heise.de/security/meldung/Sicherheitsluecken-im-freien-DNS-Server-Dnsmasq-gefaehrden-IoT-Geraete-Linux-Smartphones-Co-3849403.html http://www.thekelleys.org.uk/dnsmasq/ https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/sandbox/dnsmasq-sandbox.patch -- System Information: Debian Release: 9.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dnsmasq depends on: ii dnsmasq-base 2.76-5+deb9u1 ii init-system-helpers 1.48 ii netbase 5.4 dnsmasq recommends no packages.
