[3.3] dnsmasq: Denial-of-service when empty address from DNS overlays A record from hosts (CVE-2015-8899)
Dnsmasq before 2.76 allows remote servers to cause a denial of service
(crash) via a reply with
an empty DNS address that has an (1) A or (2) AAAA record defined
locally.
References:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1581181
Patch:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87
(from redmine: issue id 5923, created on 2016-07-20, closed on 2016-07-21)
- Relations:
- parent #5922 (closed)
- Changesets:
- Revision e587f8ab by Natanael Copa on 2016-07-20T12:49:18Z:
main/dnsmasq: security upgrade to 2.76 (CVE-2015-8899)
fixes #5923