I've just released dnsmasq-2.78, which addresses a series of serious security vulnerabilities which have been found in dnsmasq by the Google security team. Some of these, including the most serious, have been in dnsmasq since prehistoric times, and have remained undetected through multiple previous security audits.
Google's release about this can be found at: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Information on these bugs has been made available in advance through the usual channels and updates to distribution packages, firmware images and Android should be available now or very soon. I'd like to take this opportunity to thank the people at Google who've been working with me on this. Releasing information of vulnerabilities like this in a responsible and organised manner is a fairly daunting prospect for the uninitiated, and they've been very helpful in helping to work through the processes. Especial thanks go to Matt Linton and Kevin Stadmeyer. Cheers, Simon.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dnsmasq-discuss mailing list [email protected] http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
