Welcome to WebmasterWorld Guest from 54.162.184.214

Forum Moderators: open

Dnsmasq With Seven Security Flaws, Including Possible RCE

     
1:34 pm on Oct 3, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25266
votes: 690


Google has disclosed seven Dnsmasq vulnerability issues, some of which could result in remote code execution.
Dnsmasq is used in network systemsfor DNS, DHCP, router advertisement and network boot.

There are patches available on Dnsmasq's git repository. [thekelleys.org.uk...]

If you have Dnsmasq 2.78 it's already patched.

There are other issues related to this, including Android and Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0. All have been patched, with updates availobale now, or scheduled in the next automatic update. Google says it has already patched its own services.
Android partners have received this patch as well and it will be included in Android's monthly security update for October. Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0 have been released with a patched DNS pod. Other affected Google services have been updated. Dnsmasq With Seven Security Flaws, Including Possible RCE [security.googleblog.com]