Hello
I just read this https://arstechnica.com/information-technology/2017/10/code-execution-flaws-threaten-users-of-routers-linux-and-other-oses/ , which outlines that apparently versions of Dnsmasq before 2.78 have several security vulnerabilities. However:
they worked with the maintainer of Dnsmasq to patch the vulnerabilities in version 2.78
In my 20170928 TW, i found this:
gooeygirl@linux-Tower:~> [b]sudo zypper refresh
[/b][sudo] password for root:
Repository 'My_openSUSE_Repo' is up to date.
Repository 'Vivaldi' is up to date.
Repository 'Main Repository (NON-OSS)' is up to date.
Retrieving repository 'Main Repository (OSS)' metadata ....................................................................................................[done]
Building repository 'Main Repository (OSS)' cache .........................................................................................................[done]
Repository 'Main Update Repository' is up to date.
Retrieving repository 'Packman Repository' metadata .......................................................................................................[done]
Building repository 'Packman Repository' cache ............................................................................................................[done]
All repositories have been refreshed.
gooeygirl@linux-Tower:~> [b]zypper if Dnsmasq[/b]
Loading repository data...
Reading installed packages...
Information for package dnsmasq:
--------------------------------
Repository : Main Repository (OSS)
Name : dnsmasq
[b]Version : 2.76-2.3 [/b]
Arch : x86_64
Vendor : openSUSE
Installed Size : 1.2 MiB
Installed : Yes
[b]Status : up-to-date [/b]
Source package : dnsmasq-2.76-2.3.src
Summary : Lightweight, Easy-to-Configure DNS Forwarder and DHCP Server
Description :
Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP
server. It is designed to provide DNS and, optionally, DHCP, to a small
network. It can serve the names of local machines that are not in the
global DNS. The DHCP server integrates with the DNS server and allows
machines with DHCP-allocated addresses to appear in DNS with names
configured either in each host or in a central configuration file.
Dnsmasq supports static and dynamic DHCP leases and BOOTP for network
booting of diskless machines.
gooeygirl@linux-Tower:~>
Curious then about Leap’s status, in one of my standard Leap VMs i found this:
gooeygirl@linux-i4ba:~> [b]sudo zypper refresh
[/b][sudo] password for root:
Repository 'Vivaldi' is up to date.
Repository 'openSUSE-Leap-42.3-0' is up to date.
Retrieving repository 'Packman Repository' metadata ...................................................................................................................................[done]
Building repository 'Packman Repository' cache ........................................................................................................................................[done]
Repository 'openSUSE-Leap-42.3-Non-Oss' is up to date.
Retrieving repository 'openSUSE-Leap-42.3-Update' metadata ............................................................................................................................[done]
Building repository 'openSUSE-Leap-42.3-Update' cache .................................................................................................................................[done]
Repository 'openSUSE-Leap-42.3-Update-Non-Oss' is up to date.
All repositories have been refreshed.
gooeygirl@linux-i4ba:~> [b]zypper if Dnsmasq[/b]
Loading repository data...
Reading installed packages...
Information for package dnsmasq:
--------------------------------
Repository : openSUSE-Leap-42.3-Update
Name : dnsmasq
[b]Version : 2.78-13.1 [/b]
Arch : x86_64
Vendor : openSUSE
Installed Size : 1.2 MiB
Installed : Yes (automatically)
[b]Status : up-to-date [/b]
Source package : dnsmasq-2.78-13.1.src
Summary : Lightweight, Easy-to-Configure DNS Forwarder and DHCP Server
Description :
Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP
server. It is designed to provide DNS and, optionally, DHCP, to a small
network. It can serve the names of local machines that are not in the
global DNS. The DHCP server integrates with the DNS server and allows
machines with DHCP-allocated addresses to appear in DNS with names
configured either in each host or in a central configuration file.
Dnsmasq supports static and dynamic DHCP leases and BOOTP for network
booting of diskless machines.
gooeygirl@linux-i4ba:~>
Thus, two [obvious] questions arise from these observations:
[ol]
[li]How can Leap have newer packages [of anything] than TW?[/li][li]Will TW receive the patched Dnsmasq very soon?[/li][/ol]
Thanks.