[3.5] dnsmasq: Improper validation of wildcard synthesized NSEC records (CVE-2017-15107)
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up
to and including 2.78. Wildcard synthesized
NSEC records could be improperly interpreted to prove the non-existence
of hostnames that actually exist.
References:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
https://nvd.nist.gov/vuln/detail/CVE-2017-15107
Patch:
(from redmine: issue id 9380, created on 2018-09-04, closed on 2018-09-20)
- Relations:
- parent #9377 (closed)
- Changesets:
- Revision 2e8a7481 by Natanael Copa on 2018-09-20T08:00:13Z:
main/dnsmasq: backport security fix (CVE-2017-15107)
fixes #9380