Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Fedora Core 9 FEDORA-2009-1069 (dnsmasq)

Information

Severity

Severity

Medium

Family

Family

Fedora Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

15 years ago

Modified

Modified

6 years ago

Summary

The remote host is missing an update to dnsmasq announced via advisory FEDORA-2009-1069.

Insight

Insight

Update Information: Update to newer upstream version - 2.45. Version of dnsmasq previously shipped in Fedora 9 did not properly drop privileges, causing it to run as root instead of intended user nobody. Issue was caused by a bug in kernel-headers used in build environment of the original packages. (#454415) New upstream version also adds DNS query source port randomization, mitigating DNS spoofing attacks. (CVE-2008-1447) ChangeLog: * Mon Jul 21 2008 Patrick Jima Laughton 2.45-1 - Upstream release (bugfixes) * Wed Jul 16 2008 Patrick Jima Laughton 2.43-2 - New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113 - Dropped patch for newer glibc (merged upstream)

Solution

Solution

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update dnsmasq' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1069

Common Vulnerabilities and Exposures (CVE)