Todo #11278
closed
Update dnsmasq to >=2.8.3
Added by Logan Marchione almost 4 years ago.
Updated almost 4 years ago.
Description
Not really a bug, but are you aware of DNSpooq?
https://www.jsof-tech.com/disclosures/dnspooq/
AFAIK, it was just announced today. I'm assuming FreeBSD has it patched (I don't see an advisory yet). Are there plans to patch pfSense?
Cache Poisoning Vulnerabilities
CVE-2020-25686, CVE-2020-25684, CVE-2020-25685
Buffer Overflow Vulnerabilities
CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681
- Tracker changed from Bug to Todo
- Subject changed from DNSpooq (not a bug, but is this planned to be patched?) to Update dnsmasq to >=2.8.3
- Assignee set to Renato Botelho
- Target version set to 2.5.0
We are aware, but for the most part it wouldn't impact us. These are all issues in dnsmasq, which, while included in pfSense software, has not been the default in many years. Most of them require using DNSSEC with dnsmasq, which is not supported in pfSense, so there is no way to exploit them.
If someone is concerned they could switch to using the DNS Resolver (unbound) instead.
That said, the FreeBSD ports tree now has dnsmasq 2.83 so we can pull that in to 2.5.0 before release.
- Status changed from New to Feedback
2.84 is now imported to 2.5.0 repo
- Status changed from Feedback to Resolved
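A version-and-build check for the exposure discussed in this ticket, added here as an example (it is not pfSense or dnsmasq project code). It assumes the usual `dnsmasq --version` banner ("Dnsmasq version X.Y" followed by a "Compile time options:" line); the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Classify `dnsmasq --version` output against the 2.83 level named in this ticket.

# Print "MAJOR.MINOR" from the "Dnsmasq version X.Y ..." banner line, or nothing.
dnsmasq_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Dnsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed when version $1 >= version $2 (numeric compare: major, then minor).
version_ge() {
    maj1=${1%%.*}; min1=${1#*.}
    maj2=${2%%.*}; min2=${2#*.}
    [ "$maj1" -gt "$maj2" ] && return 0
    [ "$maj1" -eq "$maj2" ] && [ "$min1" -ge "$min2" ]
}

# Succeed when the build lists DNSSEC as a compile-time option ("no-DNSSEC" does not match).
has_dnssec() {
    printf '%s\n' "$1" | grep '^Compile time options:' |
        grep -Eq '(^|[[:space:]])DNSSEC([[:space:]]|$)'
}

# Print one of: patched, outdated-dnssec-built, outdated, unknown.
classify() {
    ver=$(dnsmasq_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    if version_ge "$ver" 2.83; then echo patched
    elif has_dnssec "$1"; then echo outdated-dnssec-built   # also check whether DNSSEC is enabled
    else echo outdated
    fi
}

# Constructed sample banners (not captured from a real system).
SAMPLE_OLD='Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus DHCP DHCPv6 TFTP DNSSEC loop-detect'
SAMPLE_NEW='Dnsmasq version 2.84  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus DHCP DHCPv6 TFTP no-DNSSEC loop-detect'

echo "sample 2.80: $(classify "$SAMPLE_OLD")"
echo "sample 2.84: $(classify "$SAMPLE_NEW")"
# On a live host: classify "$(dnsmasq --version)"
```

A banner version below 2.83 is only an indicator: packages that backport fixes without bumping the version will still report the older number.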