Ubuntu USN-827-1 (dnsmasq)

Summary
The remote host is missing an update to dnsmasq announced via advisory USN-827-1.
Solution
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: dnsmasq-base 2.41-2ubuntu2.2 Ubuntu 8.10: dnsmasq-base 2.45-1ubuntu1.1 Ubuntu 9.04: dnsmasq-base 2.47-3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-827-1
Insight
IvAin Arce, Pablo HernAin Jorge, Alejandro Pablo Rodriguez, MartA­n Coco, Alberto SoliAto Testa and Pablo Annetta discovered that Dnsmasq did not properly validate its input when processing TFTP requests for files with long names. A remote attacker could cause a denial of service or execute arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by default on Ubuntu. (CVE-2009-2957) Steve Grubb discovered that Dnsmasq could be made to dereference a NULL pointer when processing certain TFTP requests. A remote attacker could cause a denial of service by sending a crafted TFTP request. (CVE-2009-2958)