Do any versions of untangle use Dnsmasq version 2.77 and if so which ones?
Thanks
Do any versions of untangle use Dnsmasq version 2.77 and if so which ones?
Thanks
No, but that isn't the issue...
If you think I got Grumpy
I would like to hear that too... Since I was literally just reviewing some malware snippets that exploit the vulnerabilities in DNSMASQ yesterday... The most interesting aren't the ones specific to 2.77, rather the 2.66 ones were my focus area.
Not sure how you can say 'that is not the issue' then disappear.
Oh, I actually disappeared quite a while ago, and I am just making it back!
As far as the past couple of days, I was at a very nice conference hosted by Cornell University (which is where I first heard of this) and had limited time at a computer keyboard. I was also allowing some more time for UT to make a statement, or the O.P to respond; and wanted to phrase this carefully.
From Simon Kelley:
https://www.mail-archive.com/dnsmasq.../msg11664.html
From Google:
https://security.googleblog.com/2017...-and-dhcp.html
And thanks to both for the cooperative effort put forth to keep our networks a little safer.
The specific CVEs:
https://nvd.nist.gov/vuln/search/res...&query=dnsmasq
I also believe that the way I have my NGFW configured, there is no cause for panic.
I would re-phrase the question: "When can we expect dnsmasq-2.78 to be included in an upgrade?".
Last edited by Jim.Alles; 10-06-2017 at 03:17 AM.
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
A better question would be "When can we expect fixes for the these issues?"
That answer is: 2.72-3+deb8u2
https://security-tracker.debian.org/...CVE-2017-14491
2.76 will not be used until 14.0
2.78 will likely not be used for many years.
If you just care about version number, you are free to install whatever software you like on your Untangle.
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
Yes, and if anyone feels the need to patch these now for themselves, they were developed per CVE:A better question would be "When can we expect fixes for these issues?"
http://thekelleys.org.uk/gitweb/?p=d....git;a=summary
have at it!
And thanks UT, for keeping up with these kinds of issues and sorting them out - I wouldn't expect it at all from any off-the-shelf consumer router manufacturer.
Last edited by Jim.Alles; 10-06-2017 at 03:29 AM.