SUSE-SU-2015:0979-1: moderate: Security update for dnsmasq

sle-security-updates at sle-security-updates at
Mon Jun 1 07:06:10 MDT 2015

   SUSE Security Update: Security update for dnsmasq

Announcement ID:    SUSE-SU-2015:0979-1
Rating:             moderate
References:         #923144 #928867 
Cross-References:   CVE-2015-3294
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12

   An update that solves one vulnerability and has one errata
   is now available.


   The DNS server dnsmasq was updated to fix one security issue and one
   non-security bug.

   The following vulnerability was fixed:

   * CVE-2015-3294: A remote unauthenticated attacker could have caused a
     denial of service (DoS) or read heap memory, potentially disclosing
     information such as performed DNS queries or encryption keys.

   The following bug was fixed:

   * bsc#923144: When answer to an upstream query is a CNAME pointing to an
     A/AAAA record which is present locally (/etc/hosts), allow caching when
     the upstream and local A/AAAA records have the same value.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-229=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-229=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Desktop 12 (x86_64):



More information about the sle-security-updates mailing list