Candidate: CVE-2012-3411
PublicDate: 2013-03-05 21:38:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3411
 http://www.openwall.com/lists/oss-security/2012/07/12/5
Description:
 Dnsmasq before 2.63test1, when used with certain libvirt configurations,
 replies to requests from prohibited interfaces, which allows remote
 attackers to cause a denial of service (traffic amplification) via a
 spoofed DNS query.
Ubuntu-Description:
Notes:
 jdstrand> patch sent upstream but not yet sent upstream or in the git repository (http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=summary)
 mdeslaur> upstream has added a new --bind-dynamic option in 2.63 instead
 mdeslaur> of using the RH patch. libvirt needs to be modified to use
 mdeslaur> --bind-dynamic also.
 seth-arnold> (pt2) fixes a likely FTBFS introduced by (pt1) -- there may be more, the commit message didn't make finding this one easy
 mdeslaur> changes are intrusive and may introduce behaviour changes in
 mdeslaur> stable releases. We will not be backporting this fix.
 mdeslaur> Marking as ignored.
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=833033
 https://bugzilla.redhat.com/show_bug.cgi?id=838528
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_dnsmasq:
 upstream: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=54dd393f3938fc0c19088fbd319b95e37d81a2b0 (pt1)
 upstream: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2f38141f434e23292f84cefc33e8de76fb856147 (pt2)
upstream_dnsmasq: needs-triage
hardy_dnsmasq: ignored (reached end-of-life)
lucid_dnsmasq: ignored
natty_dnsmasq: ignored
oneiric_dnsmasq: ignored (reached end-of-life)
precise_dnsmasq: ignored
quantal_dnsmasq: not-affected (2.63-1ubuntu1)
raring_dnsmasq: not-affected (2.63-1ubuntu1)
saucy_dnsmasq: not-affected (2.63-1ubuntu1)
devel_dnsmasq: not-affected (2.63-1ubuntu1)

Patches_libvirt:
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=719c2c7665e5826a8cf05531080fe20354b39de1
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=bf402e77b6d53a4e569b3aa76aef9c7d589c0cf2
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=753ff83a50263d6975f88d6605d4b5ddfcc97560
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=5114431396fd125b6ebe4d1a20a981111f948ee7
 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ff33f807739dc2950e4df8c1d4007ce9f8b290c0
upstream_libvirt: needs-triage
hardy_libvirt: ignored (reached end-of-life)
lucid_libvirt: ignored
natty_libvirt: ignored
oneiric_libvirt: ignored (reached end-of-life)
precise_libvirt: ignored
quantal_libvirt: ignored
raring_libvirt: not-affected (1.0.2-0ubuntu6)
saucy_libvirt: not-affected (1.0.2-0ubuntu6)
devel_libvirt: not-affected (1.0.2-0ubuntu6)