[FS#3584] dnsmasq, remote code execution, cache poisoning. CVE-2020-25681, CVE-2020-25687, CVE-2020-25684, ...

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Thu Jan 21 15:25:15 EST 2021


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#3584 - dnsmasq, remote code execution, cache poisoning. CVE-2020-25681, CVE-2020-25687, CVE-2020-25684, ...
User who did this - Hannu Nyman (hnyman)

----------
Apparently you didn't notice that since two days ago:

* in master, the version is already upgraded to 2.83
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e87c0d934c54d0b07caef1db3af170510acf3cfa

* in 19.07, the fixes have been backported to dnsmasq 2.80.
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=8055e38794741313f8f4e6059f83c71dc0ab1d1c

* 18.06 is deprecated and unsupported.

And the bug has been announced in the forum and website:
https://forum.openwrt.org/t/security-advisory-2021-01-19-1-dnsmasq-multiple-vulnerabilities/85903/1
and
https://openwrt.org/advisory/2021-01-19-1



----------

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3584#comment9311

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.



More information about the openwrt-bugs mailing list