USN-627-1: Dnsmasq vulnerability

Ubuntu Security Notice USN-627-1

22nd July, 2008

dnsmasq vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.04 LTS

Software description

  • dnsmasq

Details

Dan Kaminsky discovered weaknesses in the DNS protocol as implemented
by Dnsmasq. A remote attacker could exploit this to spoof DNS entries
and poison DNS caches. Among other things, this could lead to
misdirected email and web traffic.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.04 LTS:
dnsmasq-base 2.41-2ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart Dnsmasq to effect
the necessary changes.

References

CVE-2008-1447