Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Fedora Core 9 FEDORA-2009-1069 (dnsmasq)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to dnsmasq announced via advisory FEDORA-2009-1069.
Insight
Insight
Update Information: Update to newer upstream version - 2.45. Version of dnsmasq previously shipped in Fedora 9 did not properly drop privileges, causing it to run as root instead of intended user nobody. Issue was caused by a bug in kernel-headers used in build environment of the original packages. (#454415) New upstream version also adds DNS query source port randomization, mitigating DNS spoofing attacks. (CVE-2008-1447) ChangeLog: * Mon Jul 21 2008 Patrick Jima Laughton 2.45-1 - Upstream release (bugfixes) * Wed Jul 16 2008 Patrick Jima Laughton 2.43-2 - New upstream release, contains fixes for CVE-2008-1447/CERT VU#800113 - Dropped patch for newer glibc (merged upstream)
Solution
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update dnsmasq' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1069