OracleVM 2.1 : dnsmasq (OVMSA-2009-0022)
Medium Nessus Plugin ID 79464
Synopsis
The remote OracleVM host is missing a security update.
Description
The remote OracleVM system is missing necessary patches to address critical security updates:
CVE-2009-2957 Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
CVE-2009-2958 The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
- problems with strings when enabling tftp (CVE-2009-2957, CVE-2009-2957)
- Resolves: rhbz#519021
- update to new upstream version
- fixes for CVE-2008-1447/CERT VU#800113
- Resolves: rhbz#454869
Solution
Update the affected dnsmasq package.