[Dnsmasq-discuss] IMPORTANT SECURITY INFORMATION.

Simon Kelley simon at thekelleys.org.uk
Mon Oct 2 15:01:59 BST 2017


I've just released dnsmasq-2.78, which addresses a series of serious
security vulnerabilities which have been found in dnsmasq by the Google
security team. Some of these, including the most serious, have been in
dnsmasq since prehistoric times, and have remained undetected through
multiple previous security audits.

Google's release about this can be found at:

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Information on these bugs has been made available in advance through the
usual channels and updates to distribution packages, firmware images and
Android should be available now or very soon.

I'd like to take this opportunity to thank the people at Google who've
been working with me on this. Releasing information of vulnerabilities
like this in a responsible and organised manner is a fairly daunting
prospect for the uninitiated, and they've been very helpful in helping
to work through the processes. Especial thanks go to Matt Linton and
Kevin Stadmeyer.

Cheers,

Simon.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20171002/cba83eb7/attachment.sig>


More information about the Dnsmasq-discuss mailing list