ALAS-2020-1458

Amazon Linux 1 Security Advisory: ALAS-2020-1458
Advisory Release Date: 2020-12-16 20:31 Pacific
Advisory Updated Date: 2023-03-22 18:52 Pacific

Severity: Low

References: CVE-2019-14834
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service. (CVE-2019-14834)

Affected Packages:

dnsmasq

Issue Correction:
Run yum update dnsmasq to update your system.

New Packages:

i686:
    dnsmasq-debuginfo-2.76-16.16.amzn1.i686
    dnsmasq-utils-2.76-16.16.amzn1.i686
    dnsmasq-2.76-16.16.amzn1.i686

src:
    dnsmasq-2.76-16.16.amzn1.src

x86_64:
    dnsmasq-utils-2.76-16.16.amzn1.x86_64
    dnsmasq-2.76-16.16.amzn1.x86_64
    dnsmasq-debuginfo-2.76-16.16.amzn1.x86_64

Additional References

Red Hat: CVE-2019-14834

Mitre: CVE-2019-14834