Google has disclosed seven Dnsmasq vulnerability issues, some of which could result in remote code execution.
Dnsmasq is used in network systemsfor DNS, DHCP, router advertisement and network boot.
There are patches available on Dnsmasq's git repository. [thekelleys.org.uk
If you have Dnsmasq 2.78 it's already patched.
There are other issues related to this, including Android and Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0. All have been patched, with updates availobale now, or scheduled in the next automatic update. Google says it has already patched its own services.
Android partners have received this patch as well and it will be included in Android's monthly security update for October. Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0 have been released with a patched DNS pod. Other affected Google services have been updated. Dnsmasq With Seven Security Flaws, Including Possible RCE [security.googleblog.com]