What is the correct way to restart dnsmasq when it is in the libvirtd cgroup


Now that dnsmasq has the following new disclosures:

  • CVE-2017-14491, DNS heap buffer overflow.
  • CVE-2017-14492, DHCPv6 RA heap overflow.
  • CVE-2017-14493, DHCPv6 - Stack buffer overflow.
  • CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.
  • CVE-2017-14495, OOM in DNS response creation.
  • CVE-2017-14496, Integer underflow in DNS response creation.

How should I restart dnsmasq when it is in the libvirtd cgroup, please?

When I run: sudo systemctl restart libvirtd, dnsmasq does not call execve(2); instead it only re-reads configuration files.

That leaves the vulnerable version of dnsmasq still running after a patched copy is installed on disk.

Thanks, MC
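
A check for the condition described in the question, a dnsmasq process still executing the old binary after the patched package is installed (added example, not part of the original post). It assumes Linux procfs and a package manager that replaces the file by unlinking the old inode; the function name stale_procs and its optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# stale_procs NAME [PROC_ROOT]
# Prints "PID EXE_TARGET" for each process whose executable is named NAME
# and whose on-disk binary was replaced after the process started.
# PROC_ROOT defaults to /proc; it is a parameter only so the check can be
# exercised against a constructed directory tree.
# Usage (as root, so other users' exe links are readable):
#   stale_procs dnsmasq
stale_procs() {
    name=$1
    proc_root=${2:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # /proc/PID/exe is a symlink to the image the process is executing.
        # When that inode has been unlinked (for example by a package
        # update), the kernel reports the path with " (deleted)" appended.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *"/$name (deleted)")
                printf '%s %s\n' "${dir##*/}" "$target"
                ;;
        esac
    done
}
```

Empty output after a restart means no process named dnsmasq is still mapped to a replaced binary; any PID listed is still running the pre-update image.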