A flaw was found in dnsmasq. A heap use-after-free issue in the dhcp6 server may lead to remote denial of service via a crafted packet. References: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html
This flaw was also found independently by Richard Johnson of Trellix ATR (richard.johnson), reported to upstream a few days after me. Should we wait for CVE assignment or just fix it without it? It was not yet made public as far as I know.
marking OSD4 affected/wontfix; dnsmasq present but dhcp6 not used
Upstream patch commit: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
I have just checked https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934 and it is still reserved only. Could that be updated also?
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7633 https://access.redhat.com/errata/RHSA-2022:7633
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8070 https://access.redhat.com/errata/RHSA-2022:8070
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0934
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:1545 https://access.redhat.com/errata/RHSA-2024:1545