On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote: > Well, I did all this, and confirmed that the sys-* servicevms are all > using Fedora 25, but it still has dnsmasq version 2.76. According to > US-CERT, 2.78 is needed to get the vulnerability fixes. Which concerns > me, given the length of time that the exploit code has been public. > Surprises me too, since Debian had it out in a matter of hours. > > However, it's not running in any of these, nor in dom0. Should I just > uninstall it? > > Thanks, > Ron >
It's weird, but it seems like every distro *but* Fedora has released an updated version or version with a backported fix. Even Red Hat Enterprise has done it. I don't know what the hold up is, but it'll be a package with a backported fix and currently it's set to be 2.76.4 (or greater if more bugs are found). https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/orcae3%24jon%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.