Hi Felipse,
We've worked with Simon Kelly (dnsmasq author, and debian maintainer) to get a security patch for dnsmasq [1] on Debian 7 (Wheezy) that is the base on ACS4.6-4.10+ systemvmtemplates. As Rafael mentioned, you can in the meanwhile apt-get update+install dnsmasq and restart the service on your existing VRs. There is no change required in CloudStack to mitigate the issue, we are working on an advisory and new systemvmtemplates that should be made public soon. [1] https://packages.debian.org/wheezy/dnsmasq Regards. ________________________________ From: Felipe Arturo Polanco <felipeapola...@gmail.com> Sent: Wednesday, October 11, 2017 12:07:38 AM To: users@cloudstack.apache.org Subject: Dnsmasq exploit, VR vulnerable? Hello, Researchers have found an exploit in dnsmasq code which allows code execution, I was wondering if the Virtual Router uses Dnsmasq for DHCP assignment and also how can we protect it from being exploited. Will there be a new System VM with patches applied? or can we just apt-get update the VR and the patch will be applied? Thanks, rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
