dnsmasq: important security update
-
I'm assuming dnsmasq is used on pfsense, since a search on this forum returns results.
Today I got a message from the pihole (fork of dnsmasq) forum, that we need to upgrade because of a an important security update
quote
In September 2020, the JSOF Research Lab 1 discovered seven security vulnerabilities in dnsmasq. They named the set of vulnerabilities dnspooq. We’ve been in contact with them and, over the last couple of weeks, we’ve partnered and worked closely with Cisco, Red Hat and, Simon Kelley (the maintainer of dnsmasq) [the order of mentioning does not imply anything] to fix the discovered vulnerabilities. It was agreed upon to keep the discovered vulnerabilities private until fixes are published to allow our users adequate time to test and install updates before exploits are easily available.
/quotein the dnsmasq repository, a new version has been released, v2.83
I assume, since this is relevant to security, we can expect an upgrade for pfsense.
Will there be a new pfsense release, if not, is it possible to patch existing installations.
There was a time where critical, required, security upgrades were announced in the RSS feed, however, I haven't seen any of these lately
Thanks for your time and effort.
-
DNSMasq is not enabled by default in pfSense. It's mostly included for backward compatibility.
Those issues look to be mostly DNSSec related which is not used in DNSMasq in pfSense, you should use Unbound if you want DNSSec.
Any updates will be in the upcoming 2.5 release though.
Steve
