dnsmasq version bump in apt ppa - multiple CVEs
Closed this issue · 1 comments
jocado commented
Expected Behavior
Multiple security vulnerabilities should be fixed.
Current Behavior
Multiple security vulnerabilities present.
Possible Solution
Pull latest upstream version from Ubuntu repos.
Ubuntu 16.04 LTS:
dnsmasq 2.75-1ubuntu0.16.04.3
Ubuntu 14.04 LTS:
dnsmasq 2.68-1ubuntu0.2
Steps to Reproduce (for bugs)
Install calico 2.6 from PPA
Context
Details are in this article:
https://usn.ubuntu.com/usn/usn-3430-1/
Your Environment
- Calico 2.6
- Openstack
- Ubuntu, Trusty and Xenial
nelljerram commented
This has now been fixed, by upgrading the dnsmasq packages in all our PPAs (including calico-2.6) to v2.78, which:
- fixes all of the CVEs referenced here
- also includes all the dnsmasq enhancements that Calico for OpenStack depends on.