{"affected":[{"ecosystem_specific":{"binaries":[{"dnsmasq":"2.78-0.17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"dnsmasq","purl":"pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.78-0.17.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"dnsmasq":"2.78-0.17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"dnsmasq","purl":"pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.78-0.17.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for dnsmasq fixes the following security issues:\n\n- CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]\n- CVE-2017-14492: heap based overflow. [bsc#1060355]\n- CVE-2017-14493: stack based overflow. [bsc#1060360]\n- CVE-2017-14494: DHCP - info leak. [bsc#1060361]\n- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]\n- CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]\n\nThis update brings a (small) potential incompatibility in the handling of\n'basename' in --pxe-service. Please read the CHANGELOG and the documentation if\nyou are using this option.\n","id":"SUSE-SU-2017:2619-1","modified":"2017-10-02T13:51:46Z","published":"2017-10-02T13:51:46Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172619-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060354"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060355"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060360"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060361"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060362"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3294"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8899"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14491"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14492"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14493"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14494"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14495"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14496"}],"related":["CVE-2015-3294","CVE-2015-8899","CVE-2017-14491","CVE-2017-14492","CVE-2017-14493","CVE-2017-14494","CVE-2017-14495","CVE-2017-14496"],"summary":"Security update for dnsmasq","upstream":["CVE-2015-3294","CVE-2015-8899","CVE-2017-14491","CVE-2017-14492","CVE-2017-14493","CVE-2017-14494","CVE-2017-14495","CVE-2017-14496"]}