Security Architecture, Endpoint/Device Security, IoT, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Google patches 7 flaws in Dnsmasq

Google reported it has discovered and issued patches fo seven vulnerabilities in the DNS software package Dnsmasq, several of which could lead to remote code execution or leave the device open to a denial of service attack if exploited.

The issues are CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-1449 and CVE-2017-13704. The first three can result in remote code execution, the fourth information leakage, the fifth OOM/DoS and the last two DOS. Google said after the problems were found it worked with Simon Kelly who maintains Dnsmasq to develop the proper patches, which have since been released. Patches for Android will be included in that operating systems October security update.

Dnsmasq is widely used in systems ranging from desktop Linux distributions, to home routers to IoT devices and provides functionality for serving DNS, DHCP and router advertisements and network boot, Google reported.

Dnsmasq provides functionality for serving DNS, DHCP, router advertisements and network boot. This software is commonly installed in systems as varied as desktop Linux distributions (like Ubuntu), home routers, and IoT devices. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.