{"affected":[{"ecosystem_specific":{"binaries":[{"dnsmasq":"2.78-0.16.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"dnsmasq","purl":"pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.78-0.16.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dnsmasq":"2.78-0.16.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"dnsmasq","purl":"pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.78-0.16.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dnsmasq":"2.78-0.16.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"dnsmasq","purl":"pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.78-0.16.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for dnsmasq fixes the following security issues:\n\n- CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]\n- CVE-2017-14492: heap based overflow. [bsc#1060355]\n- CVE-2017-14493: stack based overflow. [bsc#1060360]\n- CVE-2017-14494: DHCP - info leak. [bsc#1060361]\n- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]\n- CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]\n\nThis update brings a (small) potential incompatibility in the handling of\n'basename' in --pxe-service. Please read the CHANGELOG and the documentation if\nyou are using this option.\n","id":"SUSE-SU-2017:2617-1","modified":"2017-10-02T13:53:56Z","published":"2017-10-02T13:53:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172617-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060354"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060355"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060360"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060361"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060362"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3294"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8899"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14491"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14492"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14493"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14494"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14495"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14496"}],"related":["CVE-2015-3294","CVE-2015-8899","CVE-2017-14491","CVE-2017-14492","CVE-2017-14493","CVE-2017-14494","CVE-2017-14495","CVE-2017-14496"],"summary":"Security update for dnsmasq","upstream":["CVE-2015-3294","CVE-2015-8899","CVE-2017-14491","CVE-2017-14492","CVE-2017-14493","CVE-2017-14494","CVE-2017-14495","CVE-2017-14496"]}