Update dnsmasq to >=2.8.3
Not really a bug, but are you aware of DNSpooq?
AFAIK, it was just announced today. I'm assuming FreeBSD has it patched (I don't see an advisory yet). Are there plans to patch pfSense?
Cache Poisoning Vulnerabilities: CVE-2020-25686, CVE-2020-25684, CVE-2020-25685
Buffer Overflow Vulnerabilities: CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681
Updated by Jim Pingle 9 months ago
- Tracker changed from Bug to Todo
- Subject changed from DNSpooq (not a bug, but is this planned to be patched?) to Update dnsmasq to >=2.8.3
- Assignee set to Renato Botelho
- Target version set to 2.5.0
We are aware, but for the most part it wouldn't impact us. These are all issues in dnsmasq, which, while included in pfSense software, has not been the default in many years. Most of them require using DNSSEC with dnsmasq, which is not supported in pfSense, so there is no way to exploit them.
If someone is concerned, they could switch to using the DNS Resolver (unbound) instead.
That said, the FreeBSD ports tree now has dnsmasq 2.83 so we can pull that in to 2.5.0 before release.
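The triage in the comment above (installed version against 2.83, and whether DNSSEC is in play) can be checked from the text that `dnsmasq --version` prints. This is an added example, not part of the original thread or of pfSense; the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Classify `dnsmasq --version` output against the 2.83 level named in this issue.
# Real use (assumes dnsmasq is on PATH): classify "$(dnsmasq --version)"

# Print MAJOR.MINOR from the "Dnsmasq version X.Y ..." banner line, or nothing.
dnsmasq_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Dnsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed when MAJOR.MINOR is 2.83 or later (numeric compare, so 2.9 < 2.83).
version_is_fixed() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 83 ]; }
}

# Succeed when the build lists DNSSEC as a whole token ("no-DNSSEC" must not match).
# Compile-time support only; whether DNSSEC validation is enabled is a config matter.
dnssec_compiled() {
    printf '%s\n' "$1" | sed -n 's/^Compile time options: //p' |
        tr ' ' '\n' | grep -qx 'DNSSEC'
}

# Print one of: fixed, update-dnssec-built, update-no-dnssec, unknown.
classify() {
    ver=$(dnsmasq_version "$1")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    if version_is_fixed "$ver"; then echo "fixed"
    elif dnssec_compiled "$1"; then echo "update-dnssec-built"
    else echo "update-no-dnssec"
    fi
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OLD_NO_DNSSEC='Dnsmasq version 2.82  Copyright (c) 2000-2020 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus DHCP DHCPv6 TFTP auth no-DNSSEC loop-detect'
SAMPLE_OLD_DNSSEC='Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus DHCP DHCPv6 TFTP auth DNSSEC loop-detect'
SAMPLE_FIXED='Dnsmasq version 2.83  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus DHCP DHCPv6 TFTP auth DNSSEC loop-detect'

for sample in "$SAMPLE_OLD_NO_DNSSEC" "$SAMPLE_OLD_DNSSEC" "$SAMPLE_FIXED"; do
    printf '%s -> %s\n' "$(dnsmasq_version "$sample")" "$(classify "$sample")"
done
```

Both `update-*` results mean the package is below 2.83; the suffix only records whether the binary was built with DNSSEC support.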