Seven security vulnerabilities have been discovered in Dnsmasq by Google

Dnsmasq gives functionality for serving DNS, DHCP, router advertisements and network boot. The software is usually installed in systems as varied as desktop Linux distributions (such as Ubuntu), routers, and IoT (Internet of Things) devices. Dnsmasq is generally used both on the open internet and internally in private networks.

Security engineers from Google have found seven security flaws in the common open source Dnsmasq network services software, three are Denial of Service (DoS) flaws, one could result in “Information Leakage” and three of them are code execution flaws that could be exploited over the network to execute malicious code on a vulnerable system and hijack it.

According to Google researchers:
“We discovered seven distinct issues (listed below) over the course of our regular internal security assessments. Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of Dnsmasq, Simon Kelley, to produce appropriate patches and mitigate the issue.”

Version 2.78 has been released by Simon Kelley and it has all the fixes you want, so you should be running that version. You can get this by updating your packages on your system as per usual. Android partners have received this patch as well and it will be included in Android’s monthly security update for October.

Related posts

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites