Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update: dnsmasq #1088

Closed
vbatts opened this issue Jun 19, 2023 · 1 comment · Fixed by flatcar/scripts#1727
Closed

update: dnsmasq #1088

vbatts opened this issue Jun 19, 2023 · 1 comment · Fixed by flatcar/scripts#1727
Labels
advisory/only-sdk affects only Flatcar SDK advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns

Comments

@vbatts
Copy link
Member

vbatts commented Jun 19, 2023
edited by dongsupark
Loading

Name: dnsmasq
CVEs: CVE-2023-28450, CVE-2023-50387, CVE-2023-50868.
CVSSs: 7.5
Action Needed: update to >= 2.90

Summary: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

Note, dnsmasq is only in Flatcar SDK, not critical.

refmap.gentoo: https://bugs.gentoo.org/905321, https://bugs.gentoo.org/924448
@vbatts vbatts added advisory security advisory security security concerns labels Jun 19, 2023
@dongsupark dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Jun 19, 2023
@dongsupark dongsupark added advisory/only-sdk affects only Flatcar SDK cvss/HIGH > 7 && < 9 assessed CVSS advisory/upstream-blocked blocked by upstream projects labels Jun 19, 2023
@github-actions github-actions bot mentioned this issue Nov 10, 2023
Closed
@github-actions github-actions bot mentioned this issue Jan 22, 2024
Closed
@tormath1
Copy link
Contributor

Added: CVE 2023-50387 and CVE 2023-50868

@github-actions github-actions bot mentioned this issue Feb 22, 2024
Closed
@dongsupark dongsupark removed the advisory/upstream-blocked blocked by upstream projects label Feb 26, 2024
@krnowak krnowak mentioned this issue Mar 4, 2024
Merged
2 tasks
@github-actions github-actions bot mentioned this issue Mar 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
advisory/only-sdk affects only Flatcar SDK advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Weekly portage-stable package updates 2024-03-04 flatcar/scripts
3 participants
@vbatts @dongsupark @tormath1