[ubuntu/jammy-security] dnsmasq 2.86-1.1ubuntu0.3 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Thu Apr 20 08:47:36 UTC 2023
dnsmasq (2.86-1.1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: IP fragmentation
- src/config.h: update default max EDNS_PKTSZ to 1232 as agreed on
dnsflagday 2020.
- man/dnsmasq.8: updating documentation to reflect new default max
EDNS_PKTSZ.
- eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
- CVE-2023-28450
dnsmasq (2.86-1.1ubuntu0.2) jammy; urgency=medium
* src/forward.c: Do not refuse retries from client DNS queries. Behaviour to
stop infinite loops when all servers return REFUSED was wrongly activated
on client retries, resulting in incorrect REFUSED replies to client
retries. The code added here is a cherry pick released in upstream version
2.87, originating at
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be
(LP: #1981794)
Date: 2023-04-18 14:05:15.363707+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dnsmasq/2.86-1.1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list