Todo #11278

closed

Update dnsmasq to >=2.8.3

Added by Logan Marchione 9 months ago. Updated 9 months ago.

Status: Resolved
Priority: Normal
Category: DNS Forwarder
Target version:
Start date: 01/21/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

Not really a bug, but are you aware of DNSpooq?
https://www.jsof-tech.com/disclosures/dnspooq/

AFAIK, it was just announced today. I'm assuming FreeBSD has it patched (I don't see an advisory yet). Are there plans to patch pfSense?

Cache Poisoning Vulnerabilities
CVE-2020-25686, CVE-2020-25684, CVE-2020-25685

Buffer Overflow Vulnerabilities
CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681

Actions #1

Updated by Jim Pingle 9 months ago

  • Tracker changed from Bug to Todo
  • Subject changed from DNSpooq (not a bug, but is this planned to be patched?) to Update dnsmasq to >=2.8.3
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0

We are aware, but for the most part it wouldn't impact us. These are all issues in dnsmasq, which while included in pfSense software, has not been the default in many years. Most of them require using DNSSEC with dnsmasq, which is not supported in pfSense, so there is no way to exploit them.

If someone is concerned they could switch to using the DNS Resolver (unbound) instead.

That said, the FreeBSD ports tree now has dnsmasq 2.83 so we can pull that in to 2.5.0 before release.
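An added example, not part of the original thread or of pfSense: a shell check that reads the text printed by `dnsmasq --version` and reports whether the build is at least 2.83 and whether DNSSEC support was compiled in, the two conditions discussed in the comment above. The function name `dnsmasq_status` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Classify a dnsmasq build from the text printed by `dnsmasq --version`.
# Prints "<version> <patched|outdated> <dnssec|no-dnssec>"; returns 2 if the
# version line cannot be parsed. "patched" means version >= 2.83 only; a
# package with backported fixes but an older version shows as "outdated".
dnsmasq_status() {
    out=$1
    # First line looks like: "Dnsmasq version 2.80  Copyright (c) ..."
    ver=$(printf '%s\n' "$out" |
        sed -n 's/^Dnsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    # Compare the fields as integers: 2.9 is older than 2.83, which a
    # string or floating-point comparison would get wrong.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 83 ]; }; then
        state=patched
    else
        state=outdated
    fi
    # The options line lists either "DNSSEC" or "no-DNSSEC".
    if printf '%s\n' "$out" | grep '^Compile time options:' |
        grep -Eq '(^|[[:space:]])DNSSEC([[:space:]]|$)'; then
        dnssec=dnssec
    else
        dnssec=no-dnssec
    fi
    echo "$ver $state $dnssec"
}

# Constructed sample output; on a live host use:
#   dnsmasq_status "$(dnsmasq --version)"
SAMPLE='Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile'

dnsmasq_status "$SAMPLE"
```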

Actions #2

Updated by Renato Botelho 9 months ago

  • Status changed from New to Feedback

2.84 is now imported to 2.5.0 repo

Actions #3

Updated by Renato Botelho 9 months ago

  • Status changed from Feedback to Resolved