Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Dnsmasq

  1. #1
    Newbie
    Join Date
    Jun 2016
    Posts
    9

    Default Dnsmasq

    Do any versions of untangle use Dnsmasq version 2.77 and if so which ones?

    Thanks

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,447

    Default

    No, but that isn't the issue...
    If you think I got Grumpy

  3. #3
    Master Untangler
    Join Date
    Apr 2017
    Posts
    141

    Default

    Quote Originally Posted by Jim.Alles View Post
    No, but that isn't the issue...
    What is the issue?

  4. #4
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    708

    Default

    I would like to hear that too... Since I was literally just reviewing some malware snippets that exploit the vulnerabilities in DNSMASQ yesterday... The most interesting aren't the ones specific to 2.77, rather the 2.66 ones were my focus area.

    Not sure how you can say 'that is not the issue' then disappear.

  5. #5
    Master Untangler
    Join Date
    Apr 2017
    Posts
    141

    Default

    Quote Originally Posted by Jim.Alles View Post
    No, but that isn't the issue...
    Which version of DNsmasq is used by 13.1?

  6. #6
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,447

    Default serious security vulnerabilities

    Oh, I actually disappeared quite a while ago, and I am just making it back!

    As far as the past couple of days, I was at a very nice conference hosted by Cornell University (which is where I first heard of this) and had limited time at a computer keyboard. I was also allowing some more time for UT to make a statement, or the O.P to respond; and wanted to phrase this carefully.

    From Simon Kelley:
    https://www.mail-archive.com/dnsmasq.../msg11664.html

    From Google:
    https://security.googleblog.com/2017...-and-dhcp.html

    And thanks to both for the cooperative effort put forth to keep our networks a little safer.

    The specific CVEs:
    https://nvd.nist.gov/vuln/search/res...&query=dnsmasq

    I also believe that the way I have my NGFW configured, there is no cause for panic.

    I would re-phrase the question: "When can we expect dnsmasq-2.78 to be included in an upgrade?".
    Last edited by Jim.Alles; 10-06-2017 at 03:17 AM.

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,015

    Default

    Quote Originally Posted by Jim.Alles View Post
    I would re-phrase the question: "When can we expect dnsmasq-2.78 to be included in an upgrade?".
    When Debian includes it.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    A better question would be "When can we expect fixes for the these issues?"
    That answer is: 2.72-3+deb8u2

    https://security-tracker.debian.org/...CVE-2017-14491

    2.76 will not be used until 14.0
    2.78 will likely not be used for many years.
    If you just care about version number, you are free to install whatever software you like on your Untangle.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,447

    Default

    A better question would be "When can we expect fixes for these issues?"
    Yes, and if anyone feels the need to patch these now for themselves, they were developed per CVE:
    http://thekelleys.org.uk/gitweb/?p=d....git;a=summary

    have at it!

    And thanks UT, for keeping up with these kinds of issues and sorting them out - I wouldn't expect it at all from any off-the-shelf consumer router manufacturer.
    Last edited by Jim.Alles; 10-06-2017 at 03:29 AM.

  10. #10
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,233

    Default

    Quote Originally Posted by dmorris View Post
    A better question would be "When can we expect fixes for the these issues?"
    That answer is: 2.72-3+deb8u2

    https://security-tracker.debian.org/...CVE-2017-14491

    2.76 will not be used until 14.0
    2.78 will likely not be used for many years.
    If you just care about version number, you are free to install whatever software you like on your Untangle.
    2.72-3+deb8u2 is available in debian jessie. I wonder why untangle apt-get update does not get it?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2