Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    dnsmasq: important security update

    General pfSense Questions
    2
    2
    222
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jpgpi250
      jpgpi250 last edited by

      I'm assuming dnsmasq is used on pfsense, since a search on this forum returns results.

      Today I got a message from the pihole (fork of dnsmasq) forum, that we need to upgrade because of a an important security update

      quote
      In September 2020, the JSOF Research Lab 1 discovered seven security vulnerabilities in dnsmasq. They named the set of vulnerabilities dnspooq. We’ve been in contact with them and, over the last couple of weeks, we’ve partnered and worked closely with Cisco, Red Hat and, Simon Kelley (the maintainer of dnsmasq) [the order of mentioning does not imply anything] to fix the discovered vulnerabilities. It was agreed upon to keep the discovered vulnerabilities private until fixes are published to allow our users adequate time to test and install updates before exploits are easily available.
      /quote

      in the dnsmasq repository, a new version has been released, v2.83

      I assume, since this is relevant to security, we can expect an upgrade for pfsense.

      Will there be a new pfsense release, if not, is it possible to patch existing installations.

      There was a time where critical, required, security upgrades were announced in the RSS feed, however, I haven't seen any of these lately

      Thanks for your time and effort.

      1 Reply Last reply Reply Quote 1
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        DNSMasq is not enabled by default in pfSense. It's mostly included for backward compatibility.

        Those issues look to be mostly DNSSec related which is not used in DNSMasq in pfSense, you should use Unbound if you want DNSSec.

        Any updates will be in the upcoming 2.5 release though.

        Steve

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy