[Dnsmasq-discuss] Announce 2.85rc1 and security warning.

Simon Kelley simon at thekelleys.org.uk
Wed Mar 17 23:35:13 UTC 2021


2.85 will go into Debian unstable on the day it's released and into
testing after the normal delay.

A backport to the 2.80 package in Buster will happen, but may take a
little longer.

Simon.

On 17/03/2021 23:11, Amit wrote:
> On Wed, Mar 17, 2021 at 2:55 PM Simon Kelley <simon at thekelleys.org.uk> wrote:
>>
>> I've just created the first release candidate for dnsmasq-2.85.
>>
> 
> [snip]
> 
>> TL;DR
>>
>> There's no problem unless you use
>>
>> server=8.8.8.8@eth0 or server=8.8.8.8@1.2.3.4
>>
>> (or their DBus equivalents)
>>
>> OR if you use NetworkManager with dnsmasq.
>>
>> In that case, upgrading to 2.85 is advised.
>>
>> CVE-2021-3448 is the formal designation for this bug.
>>
>> Thanks to Petr Menšík for finally spotting this historic oversight, and
>> good work on fixing it.
>>
>> Please download
>>
>> https://thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.85rc1.tar.gz
>>
>> and test it thoroughly. Then look at the diff at
>>
>> https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2;hp=4c30e9602bcf272863abb6f25b04ad035ab1a27b
>>
> 
> Thank you Simon and others. This seems to work well for our setup. Do
> you have an idea of when this will be pushed to Debian upstream?
> Our team tracks Debian closely so we typically wait for packages there
> before rolling this out on our test fleet.
> 
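A check for the first condition in the TL;DR, as an added example that is not part of the original thread or of dnsmasq itself: it lists `server=` lines in a dnsmasq configuration that carry an `@` suffix naming an interface or a source address. The sample configuration is constructed and the function names are this example's own; the DBus and NetworkManager cases are not covered.

```python
import ipaddress
import re

# Constructed sample configuration; not taken from the original post.
SAMPLE_CONF = """\
# upstream resolvers
server=8.8.8.8
server=8.8.8.8@eth0
server=/example.org/9.9.9.9#53@1.2.3.4
server=1.1.1.1@192.0.2.10#5353  # trailing comment
#server=8.8.4.4@eth1
server=/internal.example/10.0.0.53
"""

# Value ends at the first whitespace, so a trailing comment is not captured.
SERVER_LINE = re.compile(r"^\s*server\s*=\s*(?P<value>\S+)")


def classify_source(spec):
    """Label one '@' suffix as a source address or an interface name."""
    host = spec.split("#", 1)[0]  # drop an optional '#port'
    try:
        ipaddress.ip_address(host)
        return "source-address"
    except ValueError:
        return "interface"


def find_bound_servers(conf_text):
    """Return (line_no, upstream, [(kind, spec), ...]) for server= lines using '@'."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):
            continue  # whole-line comment
        match = SERVER_LINE.match(raw)
        if not match or "@" not in match.group("value"):
            continue
        upstream, *sources = match.group("value").split("@")
        findings.append(
            (line_no, upstream, [(classify_source(s), s) for s in sources])
        )
    return findings


if __name__ == "__main__":
    for line_no, upstream, sources in find_bound_servers(SAMPLE_CONF):
        print(f"line {line_no}: upstream {upstream} bound via {sources}")
```

To audit a real host, pass the text of the main configuration file and of any files it includes to `find_bound_servers`.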


