CVE 2017-14491
'Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.'
ClearCenter response
Short response
This issue was resolved in a backported fix. Current up to date versions not affected.
Long response
This issue was resolved in dnsmasq-2.48-18 for ClearOS 6.x. Systems with this version of dnsmasq or higher are not affected by this issue. ClearOS 7 and later systems are not affected.
Resolution
To validate that you are running dnsmasq-2.48-18 or higher by issuing the following command:
rpm -qi dnsmasq
If you are running a lesser version than dnsmasq-2.48-18, please update your system by running:
yum update
Links
content/en_us/announcements_cve_cve-2017-14491.txt · Last modified: 2017/12/20 09:33 by dloper