Bug 2437156
| Summary: | CVE-2020-37127 incus: dnsmasq-utils 'dhcp_release' Denial of Service [fedora-43] | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jon Moroney <jmoroney> |
| Component: | incus | Assignee: | Neal Gompa <ngompa13> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 43 | CC: | dherrera, fabian, go-sig, jonathan, ngompa13, rcallicotte, reto.gantenbein |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | {"flaws": ["79a95e41-6caf-41e5-81e8-9acd2fbd130d"]} | ||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2026-04-13 21:53:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2437103 | ||
|
Description
Jon Moroney
2026-02-05 19:20:13 UTC
I believe this is a false positive as the CVE is reported against dnsmasq and dnsmasq is not shipped as part of the Incus package in Fedora. Although incus depends on dnsmasq the referenced vulnerability happened to be in a much older version of dnsmasq as currently shipped with Fedora. |