All the supported Ubuntu OSeses have been affected

May 5, 2015 14:53 GMT  ·  By

Canonical has published details in a security notice about a Dnsmasq vulnerability in Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS, that has been found and fixed.

A small problem has been identified with the Dnsmasq package, which is a small caching DNS proxy and DHCP/TFTP server. Apparently, it has been made to crash or expose sensitive information if it received specially crafted network traffic.

"Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information," reads the security notice.

For a more detailed description of the problems, you can see Canonical's security notification. The problem can be corrected if you upgrade your system(s) to the latest dnsmasq-base package. To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI interface. Open a terminal and enter the following commands (you will need to be root):

code
sudo apt-get update
sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes. The update requires a system reboot in order to be completed.