Wind River Security Vulnerability Note: DNSMasq Multiple Vulnerabilities - CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, and CVE-2017-13704
Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.
The latest reported DNSMasq vulnerabilities, tracked under the following CVE entries - CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, and CVE-2017-13704, are being addressed by the Security Response Team. The following Wind River Linux versions are affected:
Linux 9
Linux 8
Linux 7
Linux 6
Linux 5
This issue has been rated as HIGH, reference https://knowledge.windriver.com/en-us/020_Product_Support_Policies/010/000_Security_Vulnerability_Response_Policy
The various patches are not yet ready. We will update this page when the patches become available.
We will continue to monitor the situation in case there are new developments. If necessary, we will post periodic updates via RSS feeds and the Wind River Support Network.
www.windriver.com/feeds/wrlinux_900.xml
www.windriver.com/feeds/wrlinux_800.xml
www.windriver.com/feeds/wrlinux_700.xml
www.windriver.com/feeds/wrlinux_600.xml
www.windriver.com/feeds/wrlinux_500.xml
2017.10.05: Initial notice
