Question

3

How to get the latest dnsmasq version?

rated 0 times [ 3] [ 0] / answers: 1 / hits: 3134 / 2 Years ago, sun, april 17, 2022, 11:01:07

I'd like to update to the latest version of dnsmasq (2.83). I used sudo apt update followed by sudo apt upgrade in an attempt to update the software and libraries installed on the machine. I then checked my dnsmasq version with dnsmasq -v however the version is 2.80.

How can I get the latest version? I looked on the dnsmasq website and downloaded what seemed to be the latest release but I can't find the actual dnsmasq binary in the download.

Thanks in advance.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

tersle

Add To Favorites

Follow

Total Points: 342

Total Questions: 109

Total Answers: 99

Location: Kazakhstan

Member since Mon, Sep 26, 2022

2 Years ago

tersle questions

1 How to backup /home partition from one laptop and restore to another

Tue, Feb 1, 22, 03:17, 2 Years ago

1 Save files on local storage from rclone (OneDrive)

Sat, Oct 23, 21, 00:33, 3 Years ago

1 Automatically manage swap / memory

Sat, Nov 20, 21, 09:58, 3 Years ago

1 Tumbler is driving me CRAZY... how can I remove it?

Thu, May 11, 23, 22:57, 1 Year ago

1 Ubuntu 20.10 isn't recognizing usb drive as mobile broadband

Thu, Sep 22, 22, 22:14, 2 Years ago

View All

answered 2 Years ago olfdit · Accepted Answer

Let's lead you through a single CVE, and you can do the rest yourself.

Prerequisite: You didn't say your release of Ubuntu, but we'll assume that it's Ubuntu 20.04 because only 20.04 uses dnsmasq 2.80.

The list of CVEs you provided is
- CVE-2020-25681
- CVE-2020-25682
- CVE-2020-25683
- CVE-2020-25687

Plug one CVE ("CVE-2020-25687") into https://ubuntu.com/security/cve
- Alternately, you can try https://ubuntu.com/security/cve-2020-25687

Get the result

Note the Publish date (Not pictured: 19 January 2021)

Note the Priority (Not pictured: Medium). Higher priority CVEs are patched faster. Low-priority CVEs are sometimes not patched, or are irrelevent

And the result: CVE-2020-25687 was patched for 20.04 in the dnsmasq package version 2.80-1.1ubuntu1.2.

As a check, let's look at the changelog for the dnsmasq package

   dnsmasq (2.80-1.1ubuntu1.2) focal-security; urgency=medium



     * SECURITY UPDATE: Multiple security issues

       - CVE-2020-25681: heap overflow in RRSets sorting

       - CVE-2020-25682: buffer overflow in extracting names from DNS packets

       - CVE-2020-25683: heap overflow in DNSSEC validation

       - CVE-2020-25684: cache poisoning issue via address/port

       - CVE-2020-25685: cache poisoning issue via weak hash

       - CVE-2020-25686: birthday attack via incorrect existing requests check

       - CVE-2020-25687: heap overflow in DNSSEC validation

       - CVE-2019-14834: memory leak via DHCP response creation



    -- Marc Deslauriers <[email protected]>  Fri, 08 Jan 2021 09:59:59 -0500

Let's find out if we're running the patched version.
- You cannot use dnsmasq -v. Both patched and unpatched will correctly show version 2.80. Patching bumps the version only from 2.80-1.1ubuntu1.1 to 2.80-1.1ubuntu1.2.
So instead, let's ask dpkg or apt

   you@YourSystem:~$ dpkg -l | grep dnsmasq

   ii  dnsmasq                               2.80-1.1ubuntu1.2                     

   amd64        Small caching DNS proxy and DHCP/TFTP server



   you@YourSystem:~$ apt list dnsmasq-base

   Listing... Done

   dnsmasq/focal-security,now 2.80-1.1ubuntu1.2 amd64 [installed]

Ubuntu's Unattended Upgrades feature automatically installs security upgrades, so that you are already, like me, already running the patched version without telling your system to do anything.