New Dnsmasq exploits found by security engineers

Post by Lucap »

http://www.theregister.co.uk/2017/10/02/dnsmasq_flaws/
Google security engineers have spotted not one, not two, but seven serious flaws in Dnsmasq, a fairly widely used DNS forwarder and DHCP server.

This open-source program is present in a lot of home routers and certain Internet of Things gadgets, and included in desktop Linux distributions such as Ubuntu and Debian. According to Shodan, there are right now 1,098,179 devices facing the public internet with Dnsmasq services running.

The worst bugs can be exploited over the network to execute malicious code on a vulnerable system and hijack it.
Is this a problem for Mint?

Post by Pjotr »

Security issues are being discovered, and fixed, almost on a daily basis. That's what all those security updates you keep getting are for... So: *shrug* business as usual.

Post by Hoser Rob »

Checked your updates? My dnsmasq was updated yesterday.

As mentioned this is an ongoing process. It'll never end. There's no OS that will magically make you hack proof, but at least with open source ones they can't hide the bugs forever.

Post by Brent Rasmussen »

The dnsmasq version I have installed is 2.75. The version with the patch that fixes this vulnerability is 2.78. How can I manually update dnsmasq to the patched version 2.78? Do I have to wait for the automatic update to occur via the Update Manager? Googling around I do not see a simple way to update dnsmasq from one version to the newest one. Am I missing something? Is this something I should even be concerned about?

Thanks in advance for any advice.

Post by Pjotr »

Brent Rasmussen wrote: The dnsmasq version I have installed is 2.75. The version with the patch that fixes this vulnerability is 2.78. How can I manually update dnsmasq to the patched version 2.78? Do I have to wait for the automatic update to occur via the Update Manager? Googling around I do not see a simple way to update dnsmasq from one version to the newest one. Am I missing something? Is this something I should even be concerned about?

Thanks in advance for any advice.

Note that it's open source, so sometimes the repo maintainers choose to apply only the security fixes to the leaky old version, instead of uploading an entirely new upstream version.

Post by rene »

You should not be concerned; assuming you installed the normal updates, you are using a patched version already. The 2.78 refers to the upstream ("main") version only. As a matter of regression management, distributions don't indiscriminately update to a fully new version automatically, but (when and as long as possible) backport isolated vulnerability fixes to their own version. In the case of Ubuntu 16.04 / Mint 18.x and dnsmasq, the latter is version 2.75, patched for the vulnerabilities referred to here as of version 2.75-1ubuntu0.16.04.3: https://usn.ubuntu.com/usn/usn-3430-1/.

You're fine...

Post by Brent Rasmussen »

Ok. Thanks for the info!

Post by voltscommissar »

rene wrote: You should not be concerned; ......

You're fine...

Maybe, but I have noticed strange activity lately with dnsmasq listening on port 2995, then possibly related instances of smbd, nmbd and httpd setting up connections to remote sites. Mint 17.3 here, still supposedly being patched, but dnsmasq is back at ver 2.68.

Image

...or is the blue highlighted section a normal happenstance related to mintupdate (and if so what the heck is it doing?)

Post by rene »

You appear to be confusing process IDs with "ports"; the 2995 that is displayed for dnsmasq is a process ID (PID) and has nothing to do with networking. Also, the blue section is not readable.

From the same link as posted above, the Mint 17.3 (i.e., Ubuntu 14.04) version of dnsmasq is updated for the vulnerabilities mentioned in this thread as of 2.68-1ubuntu0.2; an apt show dnsmasq will confirm you being on that version if you are on an updated system. Other than that: as far as I am able to visually decrypt your screenshot, you appear to have http(s) processes active, not httpd; smbd and nmbd are both not shown and are just a normal part of samba.

"La condition humaine" is to distrust that which we don't understand. You should not be concerned, and you're fine.
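Added example, not part of any post in this thread: a shell check that compares the installed dnsmasq package version with the fixed versions quoted above for Ubuntu 16.04 / Mint 18.x and Ubuntu 14.04 / Mint 17.3, using dpkg's own version ordering rather than the upstream 2.78 number. The codename mapping (xenial, trusty), the extra dnsmasq-base package name and the function names are assumptions of this example.

```shell
#!/bin/sh
# Fixed package versions as quoted in the thread (USN-3430-1):
#   Ubuntu 16.04 / Mint 18.x -> 2.75-1ubuntu0.16.04.3
#   Ubuntu 14.04 / Mint 17.3 -> 2.68-1ubuntu0.2

# fixed_version_for CODENAME: print the fixed version for an Ubuntu base
# codename (assumed mapping: xenial = 16.04, trusty = 14.04).
fixed_version_for() {
    case "$1" in
        xenial) echo "2.75-1ubuntu0.16.04.3" ;;
        trusty) echo "2.68-1ubuntu0.2" ;;
        *) return 1 ;;
    esac
}

# is_patched INSTALLED FIXED: succeed when INSTALLED >= FIXED.
is_patched() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback without dpkg: sort -V, adequate for plain versions like these.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_installed CODENAME: report on every installed dnsmasq package.
# dnsmasq-base is checked too, since the daemon may be installed under that name.
check_installed() {
    fixed=$(fixed_version_for "$1") || { echo "no fixed version known for '$1'"; return 2; }
    status=0
    for pkg in dnsmasq dnsmasq-base; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        [ -n "$ver" ] || continue
        if is_patched "$ver" "$fixed"; then
            echo "$pkg $ver: includes the backported fixes (>= $fixed)"
        else
            echo "$pkg $ver: older than $fixed, install the pending updates"
            status=1
        fi
    done
    return $status
}

# Usage: sh check-dnsmasq.sh xenial   (or: trusty)
if [ $# -gt 0 ]; then
    check_installed "$1"
fi
```
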