I've just released dnsmasq-2.78, which addresses a series of serious
security vulnerabilities which have been found in dnsmasq by the Google
security team. Some of these, including the most serious, have been in
dnsmasq since prehistoric times, and have remained undetected through
multiple previous security audits.

Google's release about this can be found at:


Information on these bugs has been made available in advance through the
usual channels and updates to distribution packages, firmware images and
Android should be available now or very soon.

I'd like to take this opportunity to thank the people at Google who've
been working with me on this. Releasing information of vulnerabilities
like this in a responsible and organised manner is a fairly daunting
prospect for the uninitiated, and they've been very helpful in helping
to work through the processes. Especial thanks go to Matt Linton and
Kevin Stadmeyer.



Attachment: signature.asc
Description: OpenPGP digital signature

Dnsmasq-discuss mailing list

Reply via email to