
Dnsmasq is "a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN". A number of vulnerabilities have been found that allow remote code execution and denial of service attacks.

 

Discovery is not vulnerable. Only one of the vulnerabilities, CVE-2017-14491, applies to RHEL/CentOS 6 and exists in the dnsmasq, dnsmasq-debuginfo and dnsmasq-utils packages - which we do not install on the appliance.

 

Much better wordsmiths than I have covered this on many sites, for example Ars Technica and The Register, and it is covered quite comprehensively by Red Hat.

 

CVE-2017-14491 (CWE-122): RHEL6 is affected, but we do not ship the dnsmasq packages.

CVE-2017-14492 (CWE-122): RHEL6 not affected.

CVE-2017-14493 (CWE-121): RHEL6 not affected.

CVE-2017-14494 (CWE-125): RHEL6 not affected.

CVE-2017-14495 (CWE-400): RHEL6 not affected.

CVE-2017-14496 (CWE-190->CWE-125): RHEL6 not affected.

CVE-2017-13704 (CWE-190): RHEL6 not affected.
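
To confirm on a RHEL/CentOS 6 host that none of the three dnsmasq packages named above is installed, a check along these lines can be used. This is an added example, not part of the original post or of the appliance's own code; the function names are hypothetical.

```shell
#!/bin/sh
# Packages the post names as carrying CVE-2017-14491 on RHEL/CentOS 6.
DNSMASQ_PKGS="dnsmasq dnsmasq-debuginfo dnsmasq-utils"

# Read package names (one per line) on stdin and print, space-separated,
# each of the packages above that is present.
# Exit status: 0 if at least one is present, 1 if none is.
find_dnsmasq_pkgs() {
    installed=$(cat)
    found=""
    for pkg in $DNSMASQ_PKGS; do
        # -x whole-line, -F fixed string: "dnsmasq" must not match
        # "dnsmasq-utils" or an unrelated name that merely contains it.
        if printf '%s\n' "$installed" | grep -qxF -- "$pkg"; then
            found="$found $pkg"
        fi
    done
    found=${found# }
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Check the local host using the RPM database.
# Exit status: 0 if clean, 1 if a listed package is installed, 2 if rpm is missing.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    if hits=$(rpm -qa --qf '%{NAME}\n' | find_dnsmasq_pkgs); then
        echo "installed: $hits (CVE-2017-14491 applies on RHEL/CentOS 6)"
        return 1
    fi
    echo "no dnsmasq packages installed"
}

# Offline run against a constructed package list (not from a real host):
#   printf 'bash\ndnsmasq-utils\nopenssl\n' | find_dnsmasq_pkgs
# On a real host:
#   check_host
```

If `check_host` reports a package, the host needs the vendor's dnsmasq update or the package removed.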

 

I think we should take the opportunity to come up with a codename too - in the comments section below.