[USN-5408-1] Dnsmasq vulnerability


========================================================================== Ubuntu Security Notice USN-5408-1 May 10, 2022
dnsmasq vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 22.04 LTS – Ubuntu 21.10 – Ubuntu 20.04 LTS – Ubuntu 18.04 LTS – Ubuntu 16.04 ESM – Ubuntu 14.04 ESM
Summary:
Dnsmasq could be made to execute arbitrary code or expose sensitive information if it received a specially crafted input.
Software Description: – dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: dnsmasq 2.86-1.1ubuntu0.1 dnsmasq-base 2.86-1.1ubuntu0.1 dnsmasq-utils 2.86-1.1ubuntu0.1
Ubuntu 21.10: dnsmasq 2.85-1ubuntu2.1 dnsmasq-base 2.85-1ubuntu2.1 dnsmasq-utils 2.85-1ubuntu2.1
Ubuntu 20.04 LTS: dnsmasq 2.80-1.1ubuntu1.5 dnsmasq-base 2.80-1.1ubuntu1.5 dnsmasq-utils 2.80-1.1ubuntu1.5
Ubuntu 18.04 LTS: dnsmasq 2.79-1ubuntu0.6 dnsmasq-base 2.79-1ubuntu0.6 dnsmasq-utils 2.79-1ubuntu0.6
Ubuntu 16.04 ESM: dnsmasq 2.75-1ubuntu0.16.04.10+esm1 dnsmasq-base 2.75-1ubuntu0.16.04.10+esm1 dnsmasq-utils 2.75-1ubuntu0.16.04.10+esm1
Ubuntu 14.04 ESM: dnsmasq 2.68-1ubuntu0.2+esm1 dnsmasq-base 2.68-1ubuntu0.2+esm1 dnsmasq-utils 2.68-1ubuntu0.2+esm1
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5408-1 CVE-2022-0934
Package Information: launchpad.net/ubuntu/+source/dnsmasq/2.86-1.1ubuntu0.1 launchpad.net/ubuntu/+source/dnsmasq/2.85-1ubuntu2.1 launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.5 launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.6