Todo #11278

Update dnsmasq to >=2.8.3

Added by Logan Marchione about 1 month ago. Updated 29 days ago.

DNS Forwarder
Not really a bug, but are you aware of DNSpooq?

AFAIK, it was just announced today. I'm assuming FreeBSD has it patched (I don't see an advisory yet). Are there plans to patch pfSense?

Cache Poisoning Vulnerabilities
CVE-2020-25686, CVE-2020-25684, CVE-2020-25685

Buffer Overflow Vulnerabilities
CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681


#1 Updated by Jim Pingle about 1 month ago

  • Tracker changed from Bug to Todo
  • Subject changed from DNSpooq (not a bug, but is this planned to be patched?) to Update dnsmasq to >=2.8.3
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0

We are aware, but for the most part it wouldn't impact us. These are all issues in dnsmasq, which, while included in pfSense software, has not been the default in many years. Most of them require using DNSSEC with dnsmasq, which is not supported in pfSense, so there is no way to exploit them.

If someone is concerned they could switch to using the DNS Resolver (unbound) instead.

That said, the FreeBSD ports tree now has dnsmasq 2.83 so we can pull that in to 2.5.0 before release.

#2 Updated by Renato Botelho about 1 month ago

  • Status changed from New to Feedback

2.84 is now imported to 2.5.0 repo

#3 Updated by Renato Botelho 29 days ago

  • Status changed from Feedback to Resolved
