An update for dnsmasq is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1821 Final 1.0 1.0 2022-08-12 Initial 2022-08-12 2022-08-12 openEuler SA Tool V1.0 2022-08-12 dnsmasq security update An update for dnsmasq is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3. Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks. Security Fix(es): A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.(CVE-2020-14312) An update for dnsmasq is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium dnsmasq https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1821 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-14312 https://nvd.nist.gov/vuln/detail/CVE-2020-14312 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 dnsmasq-help-2.82-10.oe1.aarch64.rpm dnsmasq-2.82-10.oe1.aarch64.rpm dnsmasq-debuginfo-2.82-10.oe1.aarch64.rpm dnsmasq-debugsource-2.82-10.oe1.aarch64.rpm dnsmasq-debugsource-2.82-11.oe1.aarch64.rpm dnsmasq-2.82-11.oe1.aarch64.rpm dnsmasq-help-2.82-11.oe1.aarch64.rpm dnsmasq-debuginfo-2.82-11.oe1.aarch64.rpm dnsmasq-2.82-10.oe1.src.rpm dnsmasq-2.82-11.oe1.src.rpm dnsmasq-debugsource-2.82-10.oe1.x86_64.rpm dnsmasq-help-2.82-10.oe1.x86_64.rpm dnsmasq-debuginfo-2.82-10.oe1.x86_64.rpm dnsmasq-2.82-10.oe1.x86_64.rpm dnsmasq-debugsource-2.82-11.oe1.x86_64.rpm dnsmasq-2.82-11.oe1.x86_64.rpm dnsmasq-debuginfo-2.82-11.oe1.x86_64.rpm dnsmasq-help-2.82-11.oe1.x86_64.rpm A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. 2022-08-12 CVE-2020-14312 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H dnsmasq security update 2022-08-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1821